Tentar instalar o pacote debian npm faz com que o apt-get remova o libssl-dev

:~/$ uname -a
Linux hostname 4.9.0-4-rt-amd64 #1 SMP PREEMPT RT Debian 4.9.51-1 (2017-09-28) x86_64 GNU/Linux

Acho que tenho uma árvore de dependência clara sem pacotes quebrados.

:~/$ sudo apt-get check
Reading package lists... Done
Building dependency tree       
Reading state information... Done

No entanto, quando tento instalar npm, o apt-get deseja remover libssl-dev:

:~$ sudo apt-get install npm
Reading package lists... Done
Building dependency tree       
Reading state information... Done
The following packages were automatically installed and are no longer required:
  libldns2 libssl-doc
Use 'sudo apt autoremove' to remove them.
The following additional packages will be installed:
  gyp libjs-inherits libjs-node-uuid libssl1.0-dev libuv1-dev node-abbrev node-ansi node-ansi-color-table node-archy node-async node-balanced-match node-block-stream node-brace-expansion node-builtin-modules
  node-combined-stream node-concat-map node-cookie-jar node-delayed-stream node-forever-agent node-form-data node-fs.realpath node-fstream node-fstream-ignore node-github-url-from-git node-glob
  node-graceful-fs node-gyp node-hosted-git-info node-inflight node-inherits node-ini node-is-builtin-module node-isexe node-json-stringify-safe node-lockfile node-lru-cache node-mime node-minimatch
  node-mkdirp node-mute-stream node-node-uuid node-nopt node-normalize-package-data node-npmlog node-once node-osenv node-path-is-absolute node-pseudomap node-qs node-read node-read-package-json node-request
  node-retry node-rimraf node-semver node-sha node-slide node-spdx-correct node-spdx-expression-parse node-spdx-license-ids node-tar node-tunnel-agent node-underscore node-validate-npm-package-license
  node-which node-wrappy node-yallist nodejs nodejs-dev nodejs-doc
Suggested packages:
  node-hawk node-aws-sign node-oauth-sign node-http-signature debhelper
The following packages will be REMOVED:
  libldns-dev libssl-dev
The following NEW packages will be installed:
  gyp libjs-inherits libjs-node-uuid libssl1.0-dev libuv1-dev node-abbrev node-ansi node-ansi-color-table node-archy node-async node-balanced-match node-block-stream node-brace-expansion node-builtin-modules
  node-combined-stream node-concat-map node-cookie-jar node-delayed-stream node-forever-agent node-form-data node-fs.realpath node-fstream node-fstream-ignore node-github-url-from-git node-glob
  node-graceful-fs node-gyp node-hosted-git-info node-inflight node-inherits node-ini node-is-builtin-module node-isexe node-json-stringify-safe node-lockfile node-lru-cache node-mime node-minimatch
  node-mkdirp node-mute-stream node-node-uuid node-nopt node-normalize-package-data node-npmlog node-once node-osenv node-path-is-absolute node-pseudomap node-qs node-read node-read-package-json node-request
  node-retry node-rimraf node-semver node-sha node-slide node-spdx-correct node-spdx-expression-parse node-spdx-license-ids node-tar node-tunnel-agent node-underscore node-validate-npm-package-license
  node-which node-wrappy node-yallist nodejs nodejs-dev nodejs-doc npm
0 upgraded, 71 newly installed, 2 to remove and 32 not upgraded.
Need to get 7,517 kB of archives.
After this operation, 25.1 MB of additional disk space will be used.
Do you want to continue? [Y/n] 

meu sources.list:

$ cat /etc/apt/sources.list

deb http://ftp.us.debian.org/debian sid main contrib non-free
deb-src http://ftp.us.debian.org/debian sid main contrib non-free

# 3rd party
# deb http://www.deb-multimedia.org unstable main non-free
deb [arch=amd64] https://download.docker.com/linux/debian stretch stable
# deb-src [arch=amd64] https://download.docker.com/linux/debian stretch stable
deb http://http.us.debian.org/debian/ stretch main non-free contrib

Alguma ideia do porquê? Você acha que eu deveria relatar um bug?