default-deny of libraries is probably a good rule of thumb for writing maintainable react code. i'm not sure we'd reject hiring someone who doesn't understand why, but it's something senior folks should learn after maintaining enough oss code in the relevant oss ecosystems, and if someone hasn't, we'd catch+teach as part of standard SDLC.
tools like snyk.io overviews of most packages show why so many are landmines you're planting, not time savers. if you've never felt that pain... that's interesting. it's odd not to be hit by their issues when things like major upgrades happen (every year or two, right, else you're outside of LTS windows!), routine scans+penchecks, and other aspects of writing code that isn't going to destroy your customers' safety + team's productivity.