Yep, I've been burned by that many times. Eventually you have to trust in authors' use of semver or other versioning systems, and that _too_ has bitten me poorly.
I think a big portion of pain is around the sheer depth of the dependency trees we wind up in npm/js land these days - a trivial little service can wind up with hundreds of disparately maintained dependencies, and you just have to shrinkwrap, hope, and cross your fingers things work out.
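To make the "sheer depth of the dependency tree" concrete, here is a small Node script (added here as an illustration; it is not code from anyone in this thread) that walks a lockfile-shaped tree, counts direct versus transitive packages and nesting depth, and flags `package.json` ranges that would float to a newer release without a lockfile. Both the `package.json` and the lock object are constructed samples in the style of npm's `lockfileVersion: 1` nesting, not taken from any real project.

```javascript
// Added example: audit a constructed package-lock-style tree for depth/breadth
// and flag floating semver ranges. Sample data below is made up for the demo.

const samplePackageJson = {
  dependencies: {
    "web-framework": "^4.17.0", // caret: any 4.x at or above 4.17.0
    "logger": "~2.3.1",         // tilde: any 2.3.x at or above 2.3.1
    "uuid-lib": "8.3.2",        // exact pin
    "tls-helper": "*"           // anything at all
  }
};

// Nested shape mimicking npm lockfileVersion 1 ("dependencies" inside entries).
const sampleLock = {
  lockfileVersion: 1,
  dependencies: {
    "web-framework": { version: "4.17.1", dependencies: {
      "body-parse": { version: "1.19.0", dependencies: {
        "raw-body": { version: "2.4.0", dependencies: {
          "bytes-util": { version: "3.1.0" } } } } },
      "cookie-lib": { version: "0.4.0" } } },
    "logger": { version: "2.3.4", dependencies: {
      "bytes-util": { version: "3.1.0" } } },
    "uuid-lib": { version: "8.3.2" },
    "tls-helper": { version: "1.0.0" }
  }
};

// Walk the nested tree and report how much code a "trivial" service pulls in.
function lockStats(lock) {
  const distinct = new Set(); // name@version pairs, de-duplicated
  let total = 0;              // every node in the tree, duplicates included
  let maxDepth = 0;           // deepest nesting level (direct deps are depth 1)
  const direct = Object.keys(lock.dependencies || {}).length;

  function walk(deps, depth) {
    for (const [name, entry] of Object.entries(deps || {})) {
      total += 1;
      distinct.add(`${name}@${entry.version}`);
      maxDepth = Math.max(maxDepth, depth);
      walk(entry.dependencies, depth + 1);
    }
  }
  walk(lock.dependencies, 1);
  return { direct, transitive: total - direct, total, distinct: distinct.size, maxDepth };
}

// Any range that is not an exact x.y.z pin lets a new upstream release slip in
// on a fresh install when no lockfile is committed.
function floatingRanges(pkg) {
  const exact = /^\d+\.\d+\.\d+$/;
  return Object.entries(pkg.dependencies || {})
    .filter(([, range]) => !exact.test(range))
    .map(([name, range]) => ({ name, range }));
}

// Direct dependencies declared in package.json but missing from the lock's top
// level: these would be resolved at install time rather than from the lockfile.
function unlockedDirectDeps(pkg, lock) {
  const locked = lock.dependencies || {};
  return Object.keys(pkg.dependencies || {}).filter((name) => !(name in locked));
}

console.log("tree:", lockStats(sampleLock));
console.log("floating ranges:", floatingRanges(samplePackageJson));
console.log("unlocked direct deps:", unlockedDirectDeps(samplePackageJson, sampleLock));
```

Run it with `node` on the file as-is; point `lockStats` at a parsed real `package-lock.json` of the same shape to see how four direct dependencies become many more resolved packages, and use `floatingRanges` as a pre-merge check for manifests that are meant to be pinned.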
This wouldn't be a problem if people recognized that every version they release into the wild ends up used by someone, and backwards-breaking changes should be weighted appropriately.
I don't know that we're at that point in the ecosystem yet. Is there a good JavaScript framework that is operated by a team committed to keeping its API stable?