I don't know about other managers, but nixpkgs has hashes of the package I'm installing, and is a git repo, so I can easily detect a history rewrite, and I have the full history of package changes over time. Since it's a git repo, I can also easily install things as of a given time.