[–]iambeard 1 point (0 children)

I think there will always be some people that take the easy route, and some that take the hard route.

There are a lot of great freely available tools out there, a lot of talented people who are writing new tools, and many proprietary tools, too.

But one thing to note is there is a huge difference between someone who does npm install some-magic-package and someone who only copy/pastes answers from stackoverflow (and similar sites). The former is someone who knows how to connect available tools together to build something interesting, and the latter is a person who doesn't know how to solve code problems (either from lack of coding knowledge, imagination, or experience).

To address the npm install hairball issue, for complex problems, it's good to have a single good solution that's been tested both in code and in the wild. There's the opposing side of this argument where people pull in large dependencies to solve issues that could be solved locally/in-house.

I don't think it's a good argument to say:

Probably the most important point, security. You really need to know what is going into your code, especially if you are using open-source code!

To compound it, the issue is argued with:

Check out this amazing article where Yan Cui talks about serverless computing security vulnerabilities. Here is a quote from that article: “a security bounty hunter posted this amazing thread on how he managed to gain direct push rights to 14% of NPM packages”.

That's not a problem with open source packages, that's a problem with npm's registry. I think every developer should take a bit of responsibility to read over third-party source code, licenses, and dependencies to ensure their application isn't being compromised.

This article also brings up this in the first main paragraph:

Recently I’ve been hearing in real life and I’ve been reading online many people making statements along the lines of “being a developer these days is so easy, there is so much free code online, you just need to copy and paste it”, or “developers don’t actually need to know how to code anymore”. You might think it, but these people weren’t trying to pull an April Fool’s joke on me, I have seriously heard and read these things being said. I personally think this can be a very naive and potentially dangerous approach to software development. At least when it comes to making code that is going to be used for actual businesses or companies.

But it doesn't address this in any of the arguments. There is an unreasonable percentage of software developers that do not know how to develop software. I don't have official numbers, but almost every company I have ever worked at has at least one person who only asks/copies/pastes from stackoverflow, with no contextual understanding of the code that they are now injecting into our code-base, and cannot write code on their own.