The crazy thing is that today the JavaScript standard library is very robust, and yet the culture of pulling in a ton of dependencies persists. It's so much easier to develop code against a stable and secure platform, yet it seems the choice is often to pull in hundreds of bits of code maintained by many different parties (instead of doing a little more in-house).

I also wonder about it recently. Also in regards to Rust which is hailed as the great savior but has the same, minimal, approach to standard library and needs loads of dependencies.

No, I wish people would let this meme die.

Rust doesn't have a very broad stdlib, but it has an extremely deep stdlib. Rust's stdlib is huge for the things it provides. Classical JS's stdlib was neither deep nor broad.

Furthermore, tons of those "loads of dependencies" that people point to are crates provided by the Rust project itself. Crates like serde, regex, etc aren't third-party dependencies, they're first-party dependencies just like the stdlib.