@Just Simmonds I could also see that

in a world full of ai-generated attacked on dependencies, this world of npm install 1000 modules might make less sense

simplified software, mostly offline, could become pragmatic security praxis (actually always was)