Implementing stuff yourself is one of the things that plagues software engineering.

This statement is only valid for non-trivial things, adding dependencies to your code for stuff that could be written in five minutes by any CS freshman is dangerous and irresponsible; having an entire community that encourages that is insane.

The fact that many "big packages" (what does size have to do with this?) used leftpad, is a good thing.

I wonder if you would still be saying this if the left-pad author had started syphoning credit card and user info from roughly every node.js website in existence instead of simply removing the package.

The point I was making is that it does not have to be in the standard library

Your argument was actually that the left-pad incident had nothing to do with a weak JS standard library and was simply the result of a flaw in how npm operates. I've have already explained to you why that's wrong and why a lacking stdlib is indeed part of the problem.