[ufmace]

I'm going to have to disagree with that. Micropackages may seem nice at first, but they're a nightmare to manage longer-term mostly due to low-skill project management. Many such packages make breaking API changes, sometimes without obeying SemVer standards. Some are effectively abandoned, and don't get updates for regular bugs, security issues, etc. Sometimes the lone developers responsible for them may delete them in a fit of pique (left-pad anyone?). Sometimes they get taken over by malicious entities who might add obvious or subtle malware to it. I'm pretty sure all of these have happened already.

That's not even what's important though. What's important is, how can you ensure that none of these things happen to any of *your* projects dependencies? It's virtually impossible when there's a thousand of them. Are you going to audit that string manipulation micro package when you first add it, and then for every version update from now on, to ensure that nobody slipped some subtle malicious code into it? And do the same for every other micro package in your project, including all of the ones that the big ticket packages depend on?

All of this would be much less relevant if it had a more fully-featured standard library.