One of the strengths of Homebrew, despite it being unpopular, is being willing to break backwards compatibility when necessary.
NPM’s unwillingness to do so reflects GitHub’s: both show excessive caution that harm both security and usability.
https://nesbitt.io/2026/03/31/npms-defaults-are-bad.html
nesbitt.io
npm's Defaults Are Bad
The npm client's default settings are a root cause of JavaScript's recurring supply chain security problems.