Hacker News

tarkin2 last Monday at 7:04 PM, 4 replies

Isn't this the same for Maven, Python, Ruby projects too? I don't see this as a web-only problem.


Replies

epistasis last Monday at 7:09 PM

Yes, and it isn't the only problem.

I think the continuous churn of versions accelerates this disregard for supply chain. I complained a while back that I couldn't even keep a single version of Python around before end-of-life for many of the projects I work on these days. Not being able to get security updates without changing major versions of a language is a bit problematic, and maybe my use cases are far outside the norm.

But it seems that there's a common view that if there's not continually new things to learn in a programming language, that users will abandon it, or something. The same idea seems to have infected many libraries.

therealdrag0 yesterday at 1:23 AM

IME there’s a core set of very popular Java libs you can go very far without adopting obscure libraries you’ve never heard of. E.g. apache-commons, spring, etc. The bar to adopt a 3p lib seems higher in some ecosystems than others.

Kaliboy last Monday at 7:06 PM

Node is on another level though.

It's cause they have no standard library.

izacus last Monday at 8:49 PM

No, it's absolutely not the same.