Indeed, I also use LLMs to suggest dependencies but:

- I ask the LLM for multiple options

- I tell it what I need and what I don't need

- I then look at the packages it has suggested. Sometimes LLMs suggest unmaintained packages with 5 downloads a month just because it came at the top of a web search.

- if it's not a very well known project, I look at the code, I have received vibecoded dependency suggestions before that don't even function

LLMs are useful resources for "getting the pulse of the ecosystem", but just pressing enter is crazy.