> Those who argue that having a dependency like left-pad adds risk to their project are essentially arguing against having any external npm dependencies in their project.

No, they absolutely are not. Having a few dependencies is something that almost all software has.

Depending on left pad means more than just "I'll have problems if it is removed".

It means you'll have problems if it is modified. It means you'll have problems if it has a vulnerability that needs to be fixed. It means you'll have problems in tons of different circumstances. Depending on things willy-nilly is a bad practice.

Trusting left pad written by god knows who is a little different than trusting something like jquery that has been around for 15 years.