In defense of external dependencies: For larger-scale things like applications it's incredibly difficult to do everything you need to do easily and well without relying on 3rd-party code — some things I agree are super unnecessary (like the left-pad library that led to the original hoopla over npm) but others, like database clients, XML parsers, webservers, etc., are exceptionally difficult to recreate and recreate well. I can tab-complete a basic Rails app by myself in a couple hours (Rails itself also being an external library) but if I need to dip into C code to write a performant webserver and robust database client every time I need to stand one up, it's going to take a lot more people and time to develop and maintain.
People shouldn't be auto-updating their code in production, but dependencies get re-installed in CI for running tests and sometimes get reinstalled when new code changes are deployed, so any time the current version gets yanked or overwritten it can cause a shitload of problems for the engineers working with that code, even if they're invisible. Part of my job is making sure that tests and builds run smoothly and only have errors when code changes actually cause tests to fail, since new changes can't be made or deployed until tests pass, so I know what sort of a huge disruption things like this can be to business operations.