Company
Date Published
Author
Sonar
Word count: 599
Language: English
Hacker News points: None

Summary

The trend towards increasingly granular modules in open source software is leading to a complex dependency tree with hundreds or thousands of dependencies. Understanding and navigating this complexity can be challenging, and malicious actors may exploit these dependencies to introduce unwanted code into applications. A study on 14 package managers found that the number of dependencies for a representative open source package varies widely between ecosystems, but the average number of dependencies is relatively consistent across communities, with most packages pulling in fewer than five dependencies. This highlights the importance of considering all dependencies, not just those directly brought in by the developer, to ensure the health and security of an application.