Conversely, your efforts to not bring in a dependency are being paid for in code you have to write and test and hope doesn't trip over a more fundamental security flaw or exploit somewhere. If you have problems, they're now bespoke; there's no userbase of knowledge out there.
And there's a big difference between going from ZERO dependencies, to 1. Because once you've got 1, the complexity cost has been mostly paid already so your efforts not to bring in other dependencies are going to be marginal.
So the question is, are you really saving time or complexity by avoiding the dependency management process, or just wasting it deferring something you'll already have to do later? Is it wise to constantly reproduce the same common code across multiple bits of software, rather than write it as your own library anyway (at which point you'll be inheriting a dependency management process as well, even if it's only internal)?