To be fair I prefer Maven, but probably more for the culture. In Node you generally ask for the latest version and hope it’s still available/the project still builds when you come back to it. pom files are more clunky but they do tie you down more
This isn't really true though. Npm supports a full selection of semver specifiers, including pinned versions & Maven versions plugin handles ranges allowing using the latest just as npm (pretty sure maven also does this natively). There's no difference in what each manager does here: any community difference is going to be incidental convention.
Npm also uses package-lock files which tie your install down strictly, in case that's what you're referring to?
I mean yeah, you’re right. But in practise npm allows you to wildcard version numbers. And when you come across old npm projects, you’re likely dealing with people that have wildcarded their dependency versions.
Sure if you start from scratch you can adopt idioms that work for you, but in general you’re more likely to get into dependency messes with npm than maven from my experience largely because of the wide use of patterns instead of locked down versions being pulled in.
