Not sure if this is a statement or question. Assuming it's a question: Me and my team uses npm, but we're careful about what we pull in. If the dependency has too many dependencies themselves, we either find a alternative, fork it to remove bunch of stuff we don't care about or write something ourselves.