by hepta 3737 days ago
What if lodash itself was unpublished? I'm having a hard time drawing a line here, obviously a 10 line function is too far on the bad side of lazy, but I can't tell what is an acceptable dependency.

I think it would be annoying but recoverable. It's used so widely that somebody would republish it, at worst under a different name.

Edit: But there would sure be a period of chaos.

So it's the same with pad-left. But somehow people are wrong for depending on pad-left.

If you depend on Lodash, you depend on Lodash. You have 1 point of failure.

If you depend on 2,000 tiny individual modules, each from different authors, you depend on 2,000 tiny individual modules. You have 2,000 different points of failure. Any one of those authors going rogue will break your build or compromise your system, and every one of those tiny modules has a lot less attention and care paid to it than a larger library like Lodash.