iveqy 2 days ago
I'm working with SBoM; one fun side effect is that you can scan SBoMs for vulnerabilities. Suddenly hackers, your customers and your competitors start to do this and you need to make sure your third party dependencies are updated. This reveals the cost of dependencies (that are often ignored). I hope that we in the future will have a more nuanced discussion on when it's okay to add a dependency and when you should write from scratch.