Matthew Boston

AI Never Would Have Installed left-pad

January 20, 2026

The left-pad Lesson, Revisited

In 2016, a developer unpublished an 11-line npm package called left-pad, and half the JavaScript ecosystem broke. It exposed a real problem: the industry had developed a habit of importing trivial packages instead of writing trivial code.

At the time, the justification made sense. Why write something yourself when a tested, maintained package exists? The cost of writing it was low, but the cost of maintaining it — keeping up with edge cases, writing tests, handling bug reports — was ongoing.

What Changes with AI

AI fundamentally shifts this calculus. The cost of writing trivial utility functions is now effectively zero. An AI agent can write a left-pad function, add comprehensive tests, and move on in seconds. There’s no maintenance burden because there’s no external dependency. There’s no supply chain risk because the code lives in your repo. There’s no version compatibility issue because you control every line.

This doesn’t mean we should stop using packages entirely. Complex libraries that encapsulate genuine domain expertise — cryptography, date handling, HTTP clients — still earn their place in your dependency tree. The expertise required to get those right justifies the dependency.

But for simple utilities? The argument for installing a package is much weaker now.

Rethinking the Dependency Tree

Every dependency you add is a bet. You’re betting that the maintainer will keep it updated, that it won’t introduce breaking changes at an inconvenient time, and that its transitive dependencies won’t create conflicts. For complex packages, that bet is usually worth it. For trivial ones, it often isn’t.

AI gives us a way to stop making that bet for code we could easily own ourselves. Write it, test it, own it. Your supply chain gets smaller, your builds get faster, and your risk surface shrinks.

The Takeaway

The next time you reach for a tiny utility package, ask yourself: would AI just write this? If the answer is yes, maybe you should let it. Five lines of owned code beats one line in your package.json that points to someone else’s weekend project.

This article was originally posted on LinkedIn.