Do NuGet or npm ecosystems support strict dependency allow-list enforcement similar to enterprise Maven governance? #14929
Unanswered
talentedashish33-oss
asked this question in
Q&A
Replies: 0 comments
We evaluated Maven Parent POM inheritance and found that Maven does not natively support a strict dependency allow-list model where:
Child projects may use only centrally approved dependencies
Any additional dependency declarations automatically fail validation/build
The closest approaches we found are:
Maven Enforcer rules
Custom Enforcer plugins
External validation/governance tooling
We are trying to understand how this problem is typically solved in enterprise environments.
Questions:
Do ecosystems such as NuGet/MSBuild or npm/yarn/pnpm provide stronger native support for dependency allow-list enforcement?
What is considered the standard enterprise governance model today?
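One way to build the "external validation/governance tooling" that the question lists, as an added example that is not part of the discussion and not taken from Maven Enforcer, NuGet or npm: a Python script that reads an npm package.json, a lockfileVersion 2/3 package-lock.json and a Maven pom.xml, and reports every dependency that is not on a central allow-list. Declared npm dependencies are checked by name only (their version fields are ranges), while lockfile entries, which include transitive packages, are checked against exact approved versions. The ALLOWLIST contents, the sample manifests and all function names are constructed for this example.

```python
"""Dependency allow-list validator (added example, not from the discussion).

Assumptions (constructed for this example):
- ALLOWLIST maps "ecosystem:name" -> set of approved exact versions, or {"*"} for any version.
- npm input is a package.json plus a lockfileVersion 2/3 package-lock.json ("packages" map).
- Maven input is a pom.xml; every <dependency> element in the file is inspected.
"""
import json
import xml.etree.ElementTree as ET

ALLOWLIST = {
    "npm:lodash": {"4.17.21"},
    "npm:express": {"*"},
    "maven:org.apache.commons:commons-lang3": {"3.14.0"},
}


def npm_declared_dependencies(package_json_text):
    """Yield (name, version_spec) from the dependency sections of package.json."""
    manifest = json.loads(package_json_text)
    for section in ("dependencies", "devDependencies", "optionalDependencies"):
        for name, spec in manifest.get(section, {}).items():
            yield name, spec


def npm_locked_dependencies(lock_text):
    """Yield (name, resolved_version) from the 'packages' map of a v2/v3 package-lock.json.

    Paths look like 'node_modules/a/node_modules/b'; the last segment after
    'node_modules/' is the package name (scoped names such as '@org/pkg' survive).
    """
    lock = json.loads(lock_text)
    for path, entry in lock.get("packages", {}).items():
        if path == "":  # the root project itself
            continue
        yield path.rsplit("node_modules/", 1)[-1], entry.get("version", "")


def maven_declared_dependencies(pom_text):
    """Yield (groupId:artifactId, version) for every <dependency> in a pom.xml, namespace-tolerant."""
    root = ET.fromstring(pom_text)
    ns = root.tag[1:].split("}")[0] if root.tag.startswith("{") else ""
    q = (lambda tag: f"{{{ns}}}{tag}") if ns else (lambda tag: tag)
    for dep in root.iter(q("dependency")):
        coords = f"{dep.findtext(q('groupId'), '')}:{dep.findtext(q('artifactId'), '')}"
        yield coords, dep.findtext(q("version"), "")


def check(ecosystem, deps, allowlist=ALLOWLIST, check_versions=True):
    """Return a list of violation strings; an empty list means every dependency is approved."""
    violations = []
    for name, version in deps:
        key = f"{ecosystem}:{name}"
        approved = allowlist.get(key)
        if approved is None:
            violations.append(f"{key}: not on the allow-list")
        elif check_versions and "*" not in approved and version not in approved:
            violations.append(f"{key}@{version}: version not approved (allowed: {sorted(approved)})")
    return violations


# Constructed sample inputs: one unapproved declared package, one wrong locked version,
# one unapproved transitive package, one unapproved Maven artifact.
PACKAGE_JSON = """{"name": "app",
  "dependencies": {"lodash": "^4.17.21", "left-pad": "1.3.0"},
  "devDependencies": {"express": "4.18.2"}}"""

PACKAGE_LOCK = """{"name": "app", "lockfileVersion": 3, "packages": {
  "": {"name": "app"},
  "node_modules/lodash": {"version": "4.17.20"},
  "node_modules/express": {"version": "4.18.2"},
  "node_modules/express/node_modules/debug": {"version": "2.6.9"}}}"""

POM = """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <dependencies>
    <dependency><groupId>org.apache.commons</groupId><artifactId>commons-lang3</artifactId><version>3.14.0</version></dependency>
    <dependency><groupId>com.google.guava</groupId><artifactId>guava</artifactId><version>33.0.0-jre</version></dependency>
  </dependencies>
</project>"""


def validate_all():
    """Run every check and return the combined violation list (non-empty -> fail the build)."""
    return (check("npm", npm_declared_dependencies(PACKAGE_JSON), check_versions=False)
            + check("npm", npm_locked_dependencies(PACKAGE_LOCK))
            + check("maven", maven_declared_dependencies(POM)))


if __name__ == "__main__":
    problems = validate_all()
    for line in problems:
        print("DENY", line)
    raise SystemExit(1 if problems else 0)
```

Wired into CI as a pre-build step, a non-zero exit blocks the build whenever a declared or resolved dependency is outside the approved set, which is the "any additional dependency declarations automatically fail validation/build" behaviour the question describes. Checking the lockfile rather than only the manifest matters because transitive packages arrive without any declaration in the project's own files.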