> Go, Rust and Nim go one step beyond NPM by compiling language dependencies down to a single binary file
And the person in security hat now says: so how do you deal with library upgrades? If you need to go back to original app developers to provide you with a new version just to update one library, then you've got a problem.
Rust gives you the option to dynamically link, and I expect Nim does as well. As for Go, I believe dynamic linking is somewhere on their roadmap, though I don't know how high of a priority it is.
And the person in security hat now says: so how do you deal with library upgrades? If you need to go back to original app developers to provide you with a new version just to update one library, then you've got a problem.