That comes down to due diligence... I look at my bundle outputs and overall package size... I also review the packages I use, and tend to avoid anything that isn't open source. I've also forked packages that have issues I need resolved.
You have all the control in the world, and just because someone is lazy doesn't mean it doesn't work. Beyond this, you probably don't review every single line of code that goes into your applications dependencies regardless of language. It's about impedance vs productivity for the most part.
I tend to, at least with front end projects focus on koa for the server tethered to the UI, React and material-ui ... nearly everything else is one-off building from there. Unless you think the likes Facebook and Google are just one random guy.
You have all the control in the world, and just because someone is lazy doesn't mean it doesn't work. Beyond this, you probably don't review every single line of code that goes into your applications dependencies regardless of language. It's about impedance vs productivity for the most part.
I tend to, at least with front end projects focus on koa for the server tethered to the UI, React and material-ui ... nearly everything else is one-off building from there. Unless you think the likes Facebook and Google are just one random guy.