Ok, so first of all I don't think saying npm lacks security is fair. They're probably one of the largest targets for attacks, so I'd say they've been doing quite amazing even though there's been a couple of bumps.
That said, indeed the Go ecosystem doesn't have the abundance of packages of node.js, and this can be an issue for some problems that you might want to solve. But in general, I'd say there's enough Go packages that creating most programs doesn't require building everything from scratch.
I guess the big difference is how node.js embraces frameworks like node express, while Go shies away from them. This is more of a cultural difference rather than technical, I'd say.
Often, in Go, you'll see people writing web servers without any framework and I think that's not because of a lack of frameworks (beego, buffalo, etc do exist) but rather a sign of the quality of the net/http package itself!
Go does provide a lot of different packages to be used as toolkits rather than frameworks (e.g. the Gorilla Web Toolkit) and you can find them quite easily on godoc.org.
Is there any specific field of work that you feel Go packages are missing? I'd say Data Science and Machine Learning are two of them, but not sure node.js has a better ecosystem for those than Python.