I wouldn't call "3643 packages installed, 1200 vulnerabilities" for a hello world "simple".
People have their problems with Maven but unless it's some overly complicated legacy project (where npm just explodes I guess? Like I have hD windows machines get frozen from deleting the node_modules folder), it just works and you just give a list of dependencies.
Publishing a Maven package is also excruciatingly complicated. By contrast, NPM is actually too easy. I suspect that we see fewer supply chain attacks in the Java ecosystem because attackers are like “you know what.. never mind.”
Gradle keeps on improving. I use it for Android, and even though it is complex, and then add the Android Gradle Plugin complexity on top of that, I would not trade it for the iOS build system.
One of my complaints with Gradle is that if you write a plugin (Java) it shares the classpath with other plugins. You might find some other plugin depending on some old version of a transitive dependency.
They are just different. I mean, setting up monorepo is far easier with maven over npm. Besides, maven offers basically cookie cutter project organization where every maven project looks like every other maven project.
As for other tooling JVM is just better than JS ecosystem. Definitely more complex, but also more powerful
