Great post! I must admit I added an external script via JS in a similar manner recently (it's not in production yet luckily, so granted I get some solid advice here, that'll definitely change). The reason behind that was that I wish to download the lib dynamically only on a certain SPA route. How would you handle such a situation?
External scripts aren't really a big problem.
I would recommend that you add it to your CSP, generate an SRI, and make sure that require-sri-for is enabled in your CSP.
That way, if the external script ever changes then the browser won't even load it.
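One way to combine the route-only download from the question with the SRI and CSP advice in the reply, as an added example that is not part of the original thread. LIB_URL, LIB_SRI, the cdn.example.com host and the onEnterReportsRoute hook are assumptions made for illustration; browsers that do not implement require-sri-for ignore that directive, and the integrity attribute still does the checking.

```javascript
// Added example. LIB_URL and LIB_SRI are constructed placeholders: pin the URL
// to an exact version and generate the hash from the file you reviewed, e.g.
//   openssl dgst -sha384 -binary lib.js | openssl base64 -A
const LIB_URL = "https://cdn.example.com/lib@1.2.3/lib.min.js";
const LIB_SRI = "sha384-" + "A".repeat(64); // placeholder, not a real digest

// Header value the server sends with the SPA shell: allow only that origin for
// scripts, plus the require-sri-for directive mentioned in the reply.
function buildCsp(scriptUrl) {
  return `script-src 'self' ${new URL(scriptUrl).origin}; require-sri-for script`;
}

const SRI_FORMAT = /^sha(256|384|512)-[A-Za-z0-9+/]+={0,2}$/;
const pending = new Map(); // src -> Promise, so revisiting the route does not re-inject

// Inject the script on demand. `doc` is the browser's `document`.
function loadScriptWithSri(doc, src, integrity) {
  if (!SRI_FORMAT.test(integrity || "")) {
    throw new TypeError(`refusing to load ${src} without a valid integrity value`);
  }
  if (pending.has(src)) return pending.get(src);
  const promise = new Promise((resolve, reject) => {
    const el = doc.createElement("script");
    el.src = src;
    el.integrity = integrity;     // browser hashes the response and compares
    el.crossOrigin = "anonymous"; // CORS mode is required for cross-origin SRI
    el.onload = () => resolve(el);
    el.onerror = () => {
      pending.delete(src);        // allow a retry after a failed load
      el.remove();
      reject(new Error(`script blocked or failed to load: ${src}`));
    };
    doc.head.appendChild(el);
  });
  pending.set(src, promise);
  return promise;
}

// Route hook (hypothetical name): call only when the SPA enters the route.
function onEnterReportsRoute(doc) {
  return loadScriptWithSri(doc, LIB_URL, LIB_SRI);
}
```

The CDN has to answer with an Access-Control-Allow-Origin header, otherwise the integrity check on a cross-origin script fails and onerror fires.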