Unfortunately, preventing people from modifying the source of your package in this (or any similar) way would probably not be very effective. Users who want to change the source code of your application will figure out how to do so, as they have already shown with MainModules. And, it would probably even be easier to fork a package than it would be to fork a MainModule, even with this suggested restriction in place. (all you’d have to do is re-create the package root and then copy over the children)
There are definitely other approaches to take that could help solve the issue of people changing an application’s monetization code. For example, being able to customize the percentage that a developer receives if they sell your product in their game might make developers more inclined to keep your gamepass/product IDs the same. But, I don’t want to derail the thread too much, since the thread I linked goes into more depth and this thread is mainly about access permissions for packages.