It sounds like our 2018 resolution should be "use npm packages that have groups of people who review the code" then, not "only use as many dependencies as you can hand audit." 
As a framework author, I can tell you that we vet transitive dependencies more than you might expect.
-
-
Well, I feel a lot more comfortable using the ~700 package ember-cli knowing that you're personally reviewing all of those transitive dependencies. ;-)pic.twitter.com/IWz4AL1Y1n
-
Not sure if I should treat this as a troll or keep trying to draw comparisons to other projects you think you trust. Like how many lines of third party code do you think are included in Chrome or Firefox, for example.
End of conversation
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.

)