Every dependency you add is a supply chain attack waiting to happen

benhoyt.com

Dependencies are a huge supply chain security risk; the more of them you have, and the more often you update, the bigger the attack surface.