[lmm]

All that is true, but I think the fact that Maven has supported multiple repos and proxy repos for decades is a significant factor. SonaType deserve credit for being good stewards, but it's also relevant that they have had real competition (e.g. jFrog ran a similar public repository until recently) and if they did ever behave badly then for many organisations it would be a 1-line change in their Maven config to switch, which creates rather different dynamics compared to NP, PyPi etc..