In any application with a lifecycle longer than your average "TodoMVC example", dependencies become a liability: You have to make or be sure that they are going to be around and still compatible with your current and future code. If you blindly add dependencies this problem gets more complicated.
b) a bad/old/hacked project (correctly typed) can run unintended code on your box
c) both of the above conditions are considerably more severe because they can be triggered with near-zero friction (unlike a gemfile, which is manually pulled down and whose code is run from a separate command). Gemfile results are also generally small enough (1-2 pages) that one can visually spot typos if you are monitoring the output
d) complex dependency systems can often turn into dependency hell
e) (IMHO) instantly-available dependencies potentially reduce a given programmer's likelihood to attempt to solve their problems with the language itself (i.e. don't use Cassandra when a Dictionary will do) ... the nodejs community seems especially susceptible to this
I could be wrong, but I think he might mean that people should take care not to add too many dependencies to their project - if it's too easy, then it might result in unnecessary dependencies and brittle code.
However, I'm not sure I agree with the statement - you could use this tool and still have the discipline not to pull in random packages.
The idea is that people in general go down the currently-easier way, which is "add the dependency", leading to microdependencies and left-pad idiocy in the npm case. If there is friction, the balance is changed a little against pulling dependencies, at least those most trivial.