So, the accumulation started to show off and I realized it was a joke, but honestly I just first thought you were incompetent… :-P

But that, and your “JavaScript clickbait enthusiast” motto, along with the BuzzFeed style title, are the final nails in the coffin…

Oh well, at least, I hope my comments can serve for people even more naive than myself (if possible) and show that some fact-checking is useful…

Beside entertainment, your article serves a purpose, which I will suppose was part of the original intent. It shows you have to be a bit cautious about the dependencies you use. Those you introduce explicitly, and all those than come with them.

The issues you show are fictional, but not impossible: yes, you can introduce some adware, or even some virus in your system by this way; yes, a lazy programmer can introduce a dependency for a one-time use for a trivial task, adding a pile of hidden sub-dependencies; and well, one can leave some dead weight in NPM projects, like test code or examples (eg. mkdirp found in babel-core dependencies) or silly images…

Let’s say, thanks for the entertainment, and for all the fish. :-D