by nukeop 3047 days ago
You do the same thing you'd do if anything else in your toolchain or runtime environment changes - change relevant code so it works again. Browsers change all sorts of stuff all the time and break millions of websites in the process. Easier to use a package manager to propagate the required changes to all dependent projects than copying and pasting bits of code between many different files.

That sounds scary. That means the security of your system and data is at the mercy of all those maintainers?

I can't imagine any big companies work like that. Execute code on their servers which is under the control of 'somebody from the internet'.

I can't imagine the opposite could ever happen, be it small companies or big ones - there is not a single company on Earth that has the time to audit every line of every piece of software they run. Especially if that software is proprietary and source isn't even available.

It's not about auditing every line of code. It's about a chain of trust.

I can not imagine that the security of Facebook's servers is at the mercy of a chain of anonymous coders.