I'm not, in the least. I'm aware of the supply chain issues and CVEs etc.

One thing I want to separate here is number of packages is not a quality metric. For instance, a core vue project on the surface may have many different sub dependencies, however those are dependencies are sub packages of the main packages

I realize projects can go overboard with dependencies but its not in and of itself an issue. Like anything, its all about trade offs and setting good practices.

Its not like Java as an ecosystem has been immune either. The `Log4Shell` vulnerability was a huge mess.

My point isn't to bash the Java ecosystem, but nothing is immune to these issues and frequency is a fallacy reason to spread FUD around an ecosystem because it lacks context.