Node is fine, the issue lies in its package model and culture:

* Many dependencies, so much you don't know (and stop caring) what is being used.

* Automatic and regular updates, new patch versions for minor changes, and a generally accepted best practice of staying up to date on the latest versions of things, due to trauma from old security breaches or big migrations after not updating for a while.

* No review, trust based self-publishing of packages and instant availability

* untransparent pre/postinstall scripts

The fix is both cultural and technological:

* Stop releasing for every fart; once a week is enough, only exception being critical security reasons.

* Stop updating immediately whenever there's an update; once a week is enough.

* Review your updates

* Pay for a package repository that actually reviews changes before making them widely available. Actually I think the organization between NPM should set that up, there's trillion dollar companies using the Node ecosystem who would be willing and able to pay for some security guarantees.