The thing to realize is that nixpkgs is not a package registry but a repository. The difference is that repositories are usually manually curated and geared towards a certain purpose (e.g. set of software packages that are reasonably up to date, secure and compatible together). Registries, on the other hand, allow people to publish packages and do not care about compatibility.
Package managers using registries can ensure some degree of compatibility using dependency constraints but that brings its own problems:
- proliferation of different versions of a single package in the closure (when dependency bounds are non-overlapping)
- not all environments support multiple versions of a single dependency (e.g. shared libraries tend to get symbol clashes)
- you get combinatorial explosion of package closures so caching build products from compiled languages is no longer feasible
- older versions often contain accrue security vulnerabilities so they either need to be marked as such or manually updated, adding maintenance costs
So really, this is just trading coverage for manageability and maintainability.