
Why does a single file mean you only have to trust a handful of maintainers? Each line of the ~4k lines could have been written by a different person and merged by a different maintainer.


Because generally projects like these have some opinionated person who is maintaining it, which actively blocks "get the ssh-keys"-patches. Compare that to the 100+ dependencies of your typical node-package.


Having many dependencies can be a problem. And the node ecosystem is a total joke.

But if the question was why not split it up into smaller files (which it was), then that's nothing to do with the number of dependencies or the number of maintainers. My point is that auditing a program with no external dependencies doesn't get any easier if the code is contained in one file or across ten.



