The issue is the idea of introducing an external dependency for a one-line function that anyone with a rudimentary understanding of programming should be able to write in their sleep. The idea of sharing code isn't flawed here, but the risk / reward in these cases is very much out of whack.
The risk / reward of using npm is always there. It doesn't matter how big the package is. Any dependency is a risk? You're free to not use the dependency. Nobody is forcing you.
If someone wants a 1 line dependency, I say let them. I have zero issues with that.
Again, if you think something is not how it's supposed to be, maybe YOUR view on what it's supposed to do is whack instead?