If I'm going to use some library, at a minimum I read the API docs (getting a sense of the quality of the library from how well-thought-out the API is and how well-written the docs are). That's a long way from copy-pasting a few lines of code from SO without understanding what they do.
Furthermore, it's a lot easier to take the time to understand what a few lines of code from SO does than it is to audit a dependency thoroughly.
I have thankfully avoided the world of NPM, but when I've had to use it I've found it very difficult because a lot of packages don't really have API docs.
Furthermore, it's a lot easier to take the time to understand what a few lines of code from SO does than it is to audit a dependency thoroughly.
I have thankfully avoided the world of NPM, but when I've had to use it I've found it very difficult because a lot of packages don't really have API docs.