Interesting. I guess ideally everyone would quickly refactor their package to the latest version of their dependencies and everything would always be up to date with the latest. That would minimize code bloat. Which is even more reason for the JS ecosystem to never break APIs ever, since a breaking change makes this move to the latest version require more work from everyone.
But what about when the ideal doesn’t happen? Now two libraries you might depend on can both require a different version of a third dependency. If the choice is between not being able to release your product due to unresolvable conflicts, or having a bit of code duplication (though arguably it’s different code that behaves differently, and so not totally duplicate), which one is worse?