The dark side of package managers
Emad Elsaid

I agree with you and disagree in some aspects.

Blindly including packages is indeed a bad sign. Almost all open source packages in npm, Ruby gems or, in my case, Gradle can be found on GitHub. I always like to read the code of a package before including it in my project. That's always a good filter. As for the part that no developer will know how to write things on their own, that is not a relevant concern; maybe most will not, and maybe those who do not don't really need to do it. The beauty of package managers is that they allow non-developers to write their solutions to their problems: researchers, scientists, hobbyists, etc. In a company environment it is up to a team to decide if it is really worth including a whole MB package for a few methods.