Earlier this month this was a report that softhsm was available but not installable in CentOS 8 due to a "No available modular metadata for modular package" error. The solution was to enable the idm:DL1 module, but my understanding is that modular packages shouldn't be visible while their modules are disabled (this seems to be the behaviour in RHEL 8).
Looking in http://mirror.centos.org/centos/8/AppStream/x86_64/os/Packages/ there are two versions of softhsm in the AppStream repository: * softhsm-2.4.0-2.module_el8.1.0+253+3b90c921.x86_64.rpm * softhsm-2.4.0-2.module_el8.1.0+265+e1e65be4.x86_64.rpm
The repository's modules.yaml file only describes one version of the module, idm:DL1:8010020200121181805:4a0acb9a:x86_64, which owns the newer package. When idm:DL1 is enabled this masks the older softhsm version but when it's disabled (the default) the newer package is removed from view, and with no repository metadata to indicate that the older softhsm is part of a module it effectively becomes an ordinary member of the AppStream repository.
So "dnf install softhsm" offers two different package versions based on whether or not idm:DL1 is enabled, instead of failing with "Error: Unable to find a match" when the module is disabled.
You can see a similar thing with the go-toolset module. It's enabled by default and disabling it should hide all of its packages. Instead, because a second version has been published (see the two versions of go-toolset, golang, etc at the earlier URL), disabling go-toolset makes the previous versions of all the packages appear as ordinary members of the AppStream repository.
I found https://bugs.centos.org/view.php?id=16808 from around the time of the 8.0 release querying the lack of older version data, and have commented on it, but I wanted to confirm that I haven't misunderstood the expected behaviour. For example, if nodejs:12 receives an update and the earlier package versions drop out into the main AppStream repository it seems that this might cause conflicts for someone installing nodejs from a third party repository, even if they've disabled nodejs:12.