Because npm 5 was a pretty big update that fundamentally changed how a lot of npm portions work, in order to close the gap between it and Yarn, a competing package manager. The 5.0 release was super rushed IMO (I personally hit several bugs), but if you stuck to node LTS you skipped over most of the v5 breakage (now it works 99.99% of the time again, and when it doesn't work deleting node_modules usually does the trick)

npm v5 is still deleting private packages - the issue has been open, accepted and replicable since npm v5 was released - see https://github.com/npm/npm/issues/17929 nad various related issued linked from that page. This sucks if you use a monorepo.

yarn workspaces works a treat though.

package management is a harder problem than most people seem to want to admit. I've run into tons of issues with every package management system you can think of: rpm does some extremely dodgy caching stuff at times, navigating maven dependency trees to identify the offending version of slf4j that is harshing the vibe, etc.

I can't think of a single package management system that works well and people seem to love.

Nuget. Can't remember last time i had issues.

Cargo?

> which itself is up to version 5.x

Major version numbers in Javascript are defined using SEMVER. What this means is that a major version only implies that a breaking change was included (e.g. the API contract is different). It doesn't really have anything to do with a classic pattern where V2 is seen as the second phase, and V5 is seen as the fifth phase, etc, of a project.

A breaking change should not be made lighthearted. It can cause a lot of inconvenience for your userbase.