The whole problem we face, me included, management sees nice and shiny, they say we want shiny, I say, ok, but I can make nice and shiny as well since we have inhouse now, why shift? they say others have done the heavy lifting and this is nice and shiny, you end up with nodejs.
You install a plugin that depends on 800 dependencies, you have to make sure, all 800 are safe, good luck.
The other problem, you have one company that can do just as well, proprietary code, 1 is better than 800, you think, but proprietary means you are at the mercy, nobody can check, what could go wrong, someone finds something, you are at the mercy of propriety code vendor, who releases updates every other month that once installed require 3 reboots and break some shit. There, go and ask proprietary code vendor to fix y for you, just ... for you, you cannot fix it, you have no source access.