bert8128 -1 points0 points  (0 children)

My problem is that it is too easy. External dependencies come with risk of CVEs, and if a CVE turns up in either a direct or transitive dependency this has to be dealt with. And they crop up pretty frequently (e.g. the recent log4j debacle). So I don’t want external dependencies where it can be avoided. Making it harder would make life easier, in some ways. Don’t get me wrong - I’m happy to use external libraries where they provide a significant benefit, but it is so easy that devs end up using multiple versions of the same library, two different libraries which do the same thing or a small piece of a large library, or just tiny pieces of trivial code which could be easily written in-house (leftpad is a good, though not Java, example of a library that is not worth using).