[dasil003]

Mm, you're talking about a microcosm of the buy-vs-build question. Only junior developers would obliquely state that using a library is always "working smarter". A much bigger aspect of working smarter is deciding that you don't need to build something at all because it's the wrong approach to solve a business problem.

[moftz]

At my job, we have a mix of stuff we do in house and stuff we contract out. We could have our in-house subject matter expert spend all of his time developing a component or we could hire a company that already makes the component and has a great track record. Sometimes things are cheaper to do in house, especially when a one-off just needs to get built and quality control isn't a major issue. But in my line of work, quality control can be a major thing sometimes. Sometimes it's cheaper to go with a component that's been fully tested and has the documentation to go with it. If we want to implement the component in our product line, we then develop it in-house after the first run is completed. A lot of our vendors are our competitors for certain components so there is always a discussion when we need to buy something from them.

[dasil003]

Sure, me too. These are huge decisions. At my previous company I greenlit building our own CDN on bare metal. Sounds crazy right? But factor in limited content library, on-the-fly DRM and packaging, and long tail of global users all of a suddent it is not so crazy.

The fact is whether to use some random NPM library is a strawman, in the case of left-pad it's trivial either way. The more interesting question is how you assess the stability risk of NPM.