I honestly think that if more people who understood how to do the things most packages do had the time to examine most of them closely, they wouldn't use them.
A great example of this is the "how NPM broke the web" snippet from a year or two ago, where the offending function EVERYONE was blindly re-using was a simple string-pad of zeros.
Thing is, said padding routine was like a really crappy port from the K&R C book by someone who barely understood JavaScript, doing something that modern scripting engines (which, if you're using node.js, you have) HAVE 90% OF THE FUNCTIONALITY BUILT IN! (String.padStart) -- which is why the ONLY reason to even include that lib was as a polyfill for old browsers, which 99.99% of people using NPM wouldn't NEED!
It's a trap I see people using packages off NPM falling into more and more -- replicating existing functionality -- POORLY -- with shoddily written code. Blindly trusting that some other developer has already invented the wheel properly doesn't mean much when I can walk up, kick the tire and it falls off the rim!
Though that's why when people use the LAME EXCUSE "don't reinvent the wheel" I reply "what if someone had said that to John Dunlop or Eddy Michelin? We'd still be riding around on steel bands heat-shrunk onto wood hubs is what."
Sadly, far too many packages now are little more than shovelware; for developers who know nothing BY developers who know nothing is NOT a long-term and unsustainable model, and it's slowly infecting every level of development from server-side packages to client-side frameworks.
Though a lot of that can actually be blamed on how easy it is to share code, and collaborate WITHOUT the 'benevolent dictator' at the reins. But again, I'm from the age where a project manager did his bloody job and rode herd on the development team, instead of going "let git do it" whilst sitting there playing Farmville all day.