This also includes copy-pasting from Gists or GitHub blobs, vs. installing from / cloning the repos.
Copy-paste seems to have benefits, although it probably cannot be versioned directly.
- Not only size-aware, but also content-aware.
- Removing necessary code and streamlining it for your projects is easier.
- Bug fixing is yours, and can be easier. Not fixing bugs is a vulnerability.
- Dependencies' code is still code, and I believe that usually, the less code, the safer.
- Not really sure how to deal with LICENSE, though.
NPM might be full of packages that are only a few lines long, but I'm not sure how other repositories (e.g. PyPI) do. What do you think?
So, should I publish a Gist, a GitHub Repo, or a Package?