Yeah, npm never has "version lock" where it can't figure out a valid solution to the version constraints.

This is mostly good, but version lock does encourage packages to accept wide ranges of dependencies, and to update their dependency ranges frequently, instead of just sitting there on old versions.