> Among software developers, and especially among those who work on security-sensitive systems, there is a well-known maxim: Don't roll your own crypto. This does not mean that nobody is allowed to write cryptographic code. Someone has to. It means that, for ordinary production software that protects sensitive data of users, we should not rely on a private, unreviewed implementation that has not been vetted by the wider software development community. We should use established, vetted software packages or tools wherever possible.

The great things about all these crypto libraries are:

- Minimal to no dependencies

- Coded by security conscious people

- Often externally audited

I wish more libs/deps are crafted like them. Until then the risk of rolling your own vs using a dep isn’t as different as it could be.