by tiborsaas 2459 days ago
I don't think that's accurate. Most devs and thus companies treat NPM as a utility. Maybe very large companies would not feel it, but if NPM went down tomorrow there would be utter chaos on the internet.
1 comment

There would be chaos, just not for FAANG.
Someone upthread asked "why is NPM different from PyPI/pip in this?"

There are lots of practical answers: PyPI is open source, Python packages aren't so fragmented, and so on. But honestly, a huge part of the difference is that PyPI has sponsors like PyPI and AWS using its baseline implementation. NPM's private repository system means the public system just doesn't have that kind of pressure on it.

I would be deeply surprised if AWS teams used public PyPI. Much more reasonable would be to mirror the public packages they use internally.

What if a minor version change contains a relicensing of the library, for instance?

Good point. Presumably they're fixing versions; even companies on public registries should do that to avoid re-licensing issues, as it'd otherwise be an unreasonable legal & security risk.
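The version-pinning point made above, as an added example (this is not code posted by anyone in the thread): a small Python checker that reads a pip requirements.txt and an npm package.json and reports every dependency that is not pinned to an exact release, so that a relicensed or otherwise changed minor version cannot slip in on the next install. Both sample manifests are constructed for the example, and the function names are my own.

```python
"""Flag dependencies that are not pinned to an exact version.

Added example for this thread, not code from any commenter. It covers the two
formats discussed: a pip requirements.txt and an npm package.json. The sample
inputs at the bottom are constructed, not taken from any real project.
"""
import json
import re

# requirements.txt: "name==1.2.3" is an exact pin. Ranges (>=, ~=), bare names,
# wildcards (==1.2.*) and VCS/URL installs all float and are reported.
_REQ_LINE = re.compile(
    r"^\s*(?P<name>[A-Za-z0-9][A-Za-z0-9._-]*)\s*(?:\[[^\]]*\])?\s*"
    r"(?P<spec>(?:==|>=|<=|~=|!=|>|<)\s*[^\s;#]+"
    r"(?:\s*,\s*(?:==|>=|<=|~=|!=|>|<)\s*[^\s;#]+)*)?"
)

# package.json: an exact semver (optionally "=" or "v" prefixed) is a pin;
# caret/tilde/x ranges, "*", "latest", tags and git/URL specs are not.
_EXACT_SEMVER = re.compile(
    r"^=?v?\d+\.\d+\.\d+(?:-[0-9A-Za-z.-]+)?(?:\+[0-9A-Za-z.-]+)?$"
)


def unpinned_requirements(text):
    """Return [(line_no, raw_line, reason)] for requirements.txt entries that
    are not exact pins. Comments, blank lines and pip options are skipped,
    except that editable installs are reported."""
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line or line.startswith("-"):
            # "-e"/"--editable" installs track a checkout, not a release.
            if line.startswith(("-e", "--editable")):
                findings.append((no, raw, "editable/VCS install is not a pinned release"))
            continue
        if "://" in line or line.startswith(("git+", "hg+", "svn+", "bzr+")):
            findings.append((no, raw, "URL/VCS reference instead of a registry release"))
            continue
        m = _REQ_LINE.match(line)
        if not m:
            findings.append((no, raw, "unparsable requirement"))
            continue
        spec = (m.group("spec") or "").replace(" ", "")
        if not spec:
            findings.append((no, raw, "no version specifier"))
        elif not any(p.startswith("==") and not p.endswith("*") for p in spec.split(",")):
            findings.append((no, raw, "range specifier, not an exact pin"))
    return findings


def unpinned_package_json(text):
    """Return [(section, name, spec, reason)] for npm dependencies whose
    specifier is not an exact version."""
    data = json.loads(text)
    findings = []
    for section in ("dependencies", "devDependencies", "optionalDependencies"):
        for name, spec in sorted(data.get(section, {}).items()):
            s = spec.strip()
            if _EXACT_SEMVER.match(s):
                continue
            if s in ("", "*", "latest") or s.lower() in ("x", "x.x", "x.x.x"):
                reason = "any version accepted"
            elif (s.startswith(("^", "~", ">", "<")) or "||" in s
                  or " - " in s or ".x" in s or s.endswith(".*")):
                reason = "range specifier, not an exact pin"
            elif "://" in s or s.startswith(("file:", "git", "github:", "npm:")):
                reason = "URL/git/alias reference instead of a registry release"
            else:
                reason = "unrecognised specifier"
            findings.append((section, name, s, reason))
    return findings


def report(req_text, pkg_text):
    """Human-readable lines for every unpinned dependency in both manifests."""
    rows = [f"requirements.txt:{no}: {line.strip()}  ({why})"
            for no, line, why in unpinned_requirements(req_text)]
    rows += [f'package.json:{sec}.{name}: "{spec}"  ({why})'
             for sec, name, spec, why in unpinned_package_json(pkg_text)]
    return rows


# Constructed sample manifests (hypothetical packages and versions).
REQUIREMENTS = """\
# constructed sample
requests==2.31.0
cryptography>=41.0
flask
Django==4.2.*
urllib3==1.26.18 ; python_version < "3.12"
-r base.txt
-e git+https://github.com/example/lib.git#egg=lib
"""

PACKAGE_JSON = json.dumps({
    "name": "constructed-sample", "version": "0.0.0",
    "dependencies": {"express": "4.18.2", "lodash": "^4.17.21",
                     "left-pad": "*", "chalk": "github:chalk/chalk"},
    "devDependencies": {"jest": "~29.7.0", "typescript": "5.3.3"},
})

if __name__ == "__main__":
    for row in report(REQUIREMENTS, PACKAGE_JSON):
        print(row)
```

An exact pin only fixes which version name you ask for; a lockfile with integrity hashes (pip's `--hash=` lines, npm's `package-lock.json`) is what stops the registry or a mirror from serving different bytes under that same name, so in practice you want both.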

I guess my broader thought was that PyPI is a more reliable free offering than NPM because it's not focused on a 'premium' version for the biggest users. But that's different from AWS; presumably they're sponsoring it in a broader "making development accessible is good for AWS" sense.

It's funny because, reflecting on this thread later, I got what you were getting at: the mere fact that NPM offers a private registry means that they are having to split focus between the two offerings. I completely agree in that sense!