> using tons small dependencies instead of larger trusted ones
That’s certainly not what the JavaScript community as a whole does. If anything that’s closer to the way many other languages do it with large standard libraries.
> There's of course malware concerns, but that's why you don't use things that aren't popular with a million eyes on them unless you want to check it yourself.
Those popular libraries often have hundreds to thousands of dependencies and sub dependencies themselves, many of which almost certainly don’t have a million eyes on them.
That’s certainly not what the JavaScript community as a whole does. If anything that’s closer to the way many other languages do it with large standard libraries.
> There's of course malware concerns, but that's why you don't use things that aren't popular with a million eyes on them unless you want to check it yourself.
Those popular libraries often have hundreds to thousands of dependencies and sub dependencies themselves, many of which almost certainly don’t have a million eyes on them.