Pros:
- No external vulnerabilities
- Almost everyone can understand the code, easy onboarding of more devs
- Good long-term feature speed.
- Good terminal speed.
- Higher moat, more R&D, more proprietary tech. More in-house understanding of a broader slice of the tech stack.
Cons:
- Slower initial development speed.
- Needs more specialized, lower-level devs.
- Might introduce custom vulnerabilities (think living in the woods vs. living in the city security models).

The raison d'être for externalizing this is that I hired a family member who was fresh out of college, took him on as an apprentice, and noticed he often tried to install random packages to solve specific issues, so I documented how I would lock the requirements file, for consistency.
After that I just started adding more conceptually similar decisions, and there are quite a few of them. There's a lot of inspiration in Spolsky's Wasabi in that both the dev environment and the actual product are supposed to work on machines as they come in standard distributions, without any additional configuration.
Another con is that it's not a very marketable skillset; when applying for positions, it just doesn't look great that I don't know any of these deeper stack technologies. And positions that don't require deeper tech are usually bombarded by junior profiles, which are harder to discern. It's not sexy, it doesn't sell.
Another pro is that, since having a virgin codebase is only ever possible at the early stages of a project, and going from a clean minimalist state to a clusterfuck is an irreversible process, it's a virtue that I think is worth delaying as long as possible. These cop-outs in programming are super useful, but they are like lifelines: Stack Overflow, npm install, LLM code generation. Yes, they work wonders, but every time you start using one of those, you will forever from that point onward need to keep using them, and the development velocity will soon stabilize, so when starting a new project you should pace yourself. The longer you hold out, the bigger the reward: if you wait until 2030 to start using dependencies and 2035 to start using agentic coding, you will win the marathon. Let the competitors get their accolades for the 100m.