by bayesian_horse 1474 days ago
The assumption of 15-20 errors per 1k lines of code can't hold for the most used libraries. Incidents like the Log4j mess are memorable because they are rare. I bet people have been crawling all over similar logging libraries for other platforms now, looking for similar problems.

Good luck not adding dependencies. What's the alternative? Maybe some of the dependencies can be avoided without cutting functionality. But really only by two methods: Either there is already another dependency doing the same work, or you implement it yourself. In the latter case, chances are that the code will be less mature.