> you do avoid worries like "will I have to update this dependency every week and deal with breaking changes?

This is not a worry with NPM. You can just specify a specific version of a dependency in your package.json, and it'll never be updated ever.

I have noticed for years that the JS community is obsessed with updating every package to the latest version no matter what. It's maddening. If it's not broke, don't fix it!