[sa46]

I don't think NPM is an example of a good dependency management system. It works, but it doesn't spark joy. Some issues I've run into:

- npm install ignores package-lock.json and uses package.json. The work-around is to use npm ci. https://stackoverflow.com/a/45566871/30900

- Flakiness. An acceptable solution to npm difficulties is `rm -rf node_modules; npm i`. Admittedly, this has improved a lot in recent years.

NPM also inherits the design preferences of the JS ecosystem.

- Simple packages have deep dependency graphs.

- Functionality is spread across multiple packages, sometimes at a granularity of a function per package.

- If you want types, you roughly double the number of packages you need.

[thrwaway69]

Half the issues you mentioned are due to the ecosystem/community (one liner packages and deep dependency isn't fault of npm but it might be an unintentional result of how easy it was/is to publish and reuse packages) and the other half I don't notice by using yarn/pnpm.

Getting types is optional and only required if you use typescript which you don't have to. It does improve the editor experience for vanilla js but those are put under dev dependency.

There are a lot of things that can be improved though.

Lot of packages put their config inside package.json which is honestly messy. The whole script part is a bit restricting. Better approach would have been to follow how mix (elixir) does it. Json is limiting as a format, no comments.

Like you mentioned, it inherits the mentality of js ecosystem. It doesn't feel part of node but a separate piece of its own.