I would say JavaScript's lack of a standard library is at least in part responsible for encouraging npm use; things just spiraled out of control from there.
[not a dev] Why isn't there the equivalent of "Linux distributions" for npm? I know, I know: because developers all need a different set of libs. But if there were thousands of packages required to provide basic "stdlib-like functionality", couldn't there be an npm distribution that you can safely use as a starting point, avoiding importing asinine stuff like 'istrue' (yea I'm kinda joking there)? Or is that just what bloated frameworks all start out as?
There could; this would essentially be in the form of a standard library. That would work until someone decides they don't like the form/naming conventions/architecture/ideology/lack of ideology/whatever else and then reinvents everything to do the same, but in a slightly different way.
And before you know it, you have a multitude of distributions to choose from, each with their own issues...
Who is shipping/maintaining this? Even Node itself is maintained by OSS. That's one of the advantages of the Microsoft .NET ecosystem - you can do a lot of stuff without pulling anything not shipped by Microsoft. I don't know of any other ecosystem that's as versatile with so much first party support.
Source available beats open source from a security perspective.