Yep, but there’s a big difference in how I treat dev and production dependencies. I wouldn’t use something nearly that large in production. Typically, I look at a dependency to see if I could maintain it myself if necessary, because it’s always risky to depend on a third party.
In my opinion, fork it and fix it or stop using it. Also, warn others if you have the capacity.