Golang has a really nice package management in my opinion. NPM is kinda bloated and security leaves much to be desired...
Also, my previous office project's node_modules weighted 5 gigabytes...Half of the installed packages were including lodash (different versions), moment.js and other popular js helpers libs. It would be really nice if this can be somehow unified so that I don't have x versions of some packages installed. Most of the package authors are not updating their dependencies, leaving users with security flaws sometimes.
So basically, no, NPM has a long way to go yet to be a really good package management (and JS really need one).
AFAIK, both yarn and pnpm keep the only version of each dependency.
I think yarn doesn’t but pnpm works that way for sure.
We're a place where coders share, stay up-to-date and grow their careers.
We strive for transparency and don't collect excess data.