@nat That's honestly not a very good example; JS is specifically known for its "never break old code" policy (which is why 30 year old websites still work today), and the canonical dependency management (with npm) is isolated to the project so you could leave the dependencies frozen in time for a given application forever without anything else on the system ever getting in the way.

Sure, you *can* update your dependencies. And sometimes you may *need* to do so because of security issues - that is fundamental to network-connected software, and not a thing the language has control over. But it is an entirely valid, and viable, option to just leave your JS thing entirely untouched for a decade and run it like it was built yesterday.