I think the fact that everyone cites the same is-number package when saying this is indicative of something though.

Like I legit think that we are all imagining this cultural problem that's widespread. My claim (and I tried to do some graph theory stuff on this in the past and gave up) is that in fact we are seeing something downstream of a few "bad actors" who are going way too deep on this.

I also dislike things like webpack making every plugin an external dep but at least I vaguely understand that.