5 Managing Dependencies
In March 2016, thousands of JavaScript projects began failing to compile when a single package, left-pad, disappeared. left-pad was a library with a single method that simply left-padded a string to a specific character width. Several foundational JavaScript libraries depended on left-pad. In turn, many projects depended on these libraries. Thanks to the viral nature of transitive dependencies, thousands and thousands of open source and commercial codebases had a critical dependency on this fairly trivial library. When the package was removed from NPM (JavaScript’s Node Package Manager), a lot of programmers had a rough day.
Adding a dependency on existing code seems like a simple decision. Don’t repeat yourself ...