I think you're confusing js with node. node typically doesn't run on the frontend, but can be used when developing the front but it won't be running on the users browser.
No confusion here. Node.js is an entire ecosystem, and npm is a child of that mess. It is absolutely famous for the massive gobs of absolutely junk it pulls in to satisfy dependencies a frontend dev could manage with 4 lines of native js.
You may rail on about how npm != node, but everyone considers npm to be 'node package manager', no matter what the initialism actually stands for.
Node.js is a server runtime, it does not run clientside at all. NPM can be used to download server OR client JS packages. A frontend bundler tool (e.g. webpack) can analyze a dependency graph of your client-side entrypoint and bundle all the NPM deps used, which will then be sent and executed on the client. No Node.js components or code are run client-side at any point (caveat - some packages can work server- and client-side).
