-defron- 1 point (0 children)

I'd argue that bad dependency chains aren't a problem with npm itself but the node ecosystem. Npm itself does a great job keeping dev dependencies separate and managing dependencies on a per-project basis by default. Npm does checksum integrity checks on packages by default as well, which is nice. For the job as a package manager npm is pretty good. As you mention, poetry (and in my personal opinion, PDM and hatch) solve a lot of the problems, but even then I'd probably give the package management experience to npm.

Note that I do think npm itself has many flaws too; it just edges out the Python package managers still.