by geostyx 1570 days ago
I think it's partly because the JS ecosystem doesn't historically have a solid standard library. Doing simple things can require checking for null/undefined/does the runtime support it, etc. Why do it the hard way when you can NPM install it and call it a day?

That's my understanding of it anyway.

2 comments

The number of libraries reached for on your average JS app is humongous compared to basically any other programming language I've worked with, partially due to this.

I think it's also just a footgun of the JS community. People tend to jump to "what package do I need to install for this" much quicker instead of thinking "how can I solve this".

Every recent JS developer that is learning through online material is constantly berated with "just install this dep, and this dep, and then this one", to the point where it's normalized to have a dependency that comes with who knows what for something that could be a few lines of code and maybe some witty Google-fu.

That and an aggressive auto-update with lax version constraints for transitive dependencies lead to frequently downloading untrusted code.
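
Added example, not part of any comment in this thread: a small audit of the lax-constraint point above, listing every dependency edge in an npm lockfile (`packages` map, lockfileVersion 2/3) whose declared range is not an exact version. The package names and the sample lockfile are constructed, and the range classifier is a simplification that does not use the `semver` library.

```javascript
// Exact version such as 1.2.3, 1.2.3-beta.1 or 1.2.3+build.5
const EXACT = /^\d+\.\d+\.\d+(?:-[0-9A-Za-z.-]+)?(?:\+[0-9A-Za-z.-]+)?$/;

// Simplified classifier: anything that is not one exact version can
// resolve to a release that did not exist when the range was written.
function classifyRange(spec) {
  const s = spec.trim().replace(/^=/, "");
  if (EXACT.test(s)) return "pinned";
  if (s.startsWith("^")) return "caret"; // same major (same minor for 0.x)
  if (s.startsWith("~")) return "tilde"; // new patch releases
  return "open";                         // *, latest, >=, 1.x, tags, ...
}

// Walk the lockfile's "packages" map and report non-pinned edges.
function floatingEdges(lock) {
  const edges = [];
  for (const [path, pkg] of Object.entries(lock.packages || {})) {
    const from = path === "" ? "(root)" : path.split("node_modules/").pop();
    const deps = { ...pkg.dependencies, ...pkg.optionalDependencies };
    for (const [dep, spec] of Object.entries(deps)) {
      const kind = classifyRange(spec);
      if (kind !== "pinned") {
        edges.push({ from, dep, spec, kind, transitive: path !== "" });
      }
    }
  }
  return edges;
}

// Constructed sample: the root project pins its single dependency exactly.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { dependencies: { "web-framework": "4.18.2" } },
    "node_modules/web-framework": {
      version: "4.18.2",
      dependencies: { "body-reader": "^1.20.0", "tiny-util": "~2.0.1" },
    },
    "node_modules/body-reader": {
      version: "1.20.3",
      dependencies: { "left-helper": "*" },
    },
    "node_modules/tiny-util": { version: "2.0.4" },
    "node_modules/left-helper": { version: "0.3.1" },
  },
};

for (const e of floatingEdges(sampleLock)) {
  console.log(`${e.from} -> ${e.dep} ${e.spec} (${e.kind})`);
}
```

In the sample the root declares no floating range at all, yet three edges below it float. `npm ci` installs exactly what the lockfile records, whereas an install without a lockfile resolves each of those ranges again.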