by gerfficiency 3569 days ago
Putting the TLDR here because it's really good, and the minimum that one should take from your great article:

The takeaway here is that not all third party code will jive with your app’s intentions. Not all developers take security precautions. Not all libraries on NPM are worthy of being a part of your application. The moment your own code becomes the minority shareholder in the repo and you’re depending more on other developers around the world to keep your company afloat than you are on yourself, you better make sure you have vetted the code upon which you’re depending. If the head of dev-ops tells you you can’t use a library, trust her judgement before resorting to Millennial cynicism.

On our own projects and experimental R&D efforts, let’s have at it and make bleeding edge code that changes every day. In a professional environment on code that will be used in production in E-Commerce scenarios, though, for the sake of all that is sane in the world, let it bake. Let the community vet it for us! We need to build sites on stacks that don’t implement breaking-changes every week simply because the primary contributor had a stylistic change of heart. We need to use libraries and frameworks that recognize exploits and take extra security measures. Customers trust us with their personal information, credit card numbers, photos and media. We owe it to them to give a shit.