If your dependency is sqlite or a webserver, don't bother. But I agree that nowaday the tendency is to import even the most trivial of things.

There is a line that has to be drawn between "depends on legendarily well tested database" and "depends on 20 pieces of random npm code where the import statement is longer than the sourcecode". Do you really need to import an external dependency that removes whitespace at the end of a string?

Unless you are one of the people who really vet their dependencies heavily surely dependencies are just used because they save you time and you trust others that it is going to be okay. This is why we need harder liability laws for software errors.