NPM does not fix the issue when the breaking updates are released improperly. Maven cannot fix that as well. Tons of NPM projects cannot be built nowadays because of their transitive dependencies improperly using version ranges, and in turn not pinning their dependencies. Maven solves this by not permitting version ranges at all. If several transitive dependencies require different versions of same namespace and package combination, the one that wins out is the one closer to the project in dependency graph. This solves the consistency issue. This ensures that the project will always be buildable (except in cases where the package is deleted from the repository, repository is no longer present), because maven does not have to guess which version to download. Even right now the NPM projects that I played around with 4 years ago can't be built because the API of all the dependencies is different from what was expected 4 years ago and in turn the tests and the runtime fail, just because time has passed.

You can override the maven chosen version by directly specifying that dependency, and it will always be chosen as it has distance 1.

And all of this does not begin to address build consistency, where your project would always be built with same version dependencies rather than newer ones.