(I think this issue is really low priority but quite important to do one day so I want to start a discussing)

In my opinion keeping all third-party-libraries checked into the main repository is a bad idea. It makes it hard to see which libraries are outdated and have bugs, which may be already fixed upstream, which LICENSEs belong to which files and which files aren't used any more (There are placeholder background images from the first visitor popup lying around in /libs/jquery/images/)

For PHP libraries Piwik is (mostly) using composer to solve this issue, so I'd propose to do the same with javascript (and css) libraries and npm.

While bower also helps, it doesn't support as many libraries and even the bower team recommends switching to npm.

Since version 5 npm also supports a lockfile similar to composer which would make sure that the CI and the built package would have the same version as tested while developing.

Another advantage would be that we would have a well formated list of used libraries and their licenses (compared to LEGALNOTICE), which may help avoiding incompatible licenses (e.g. version 3 of jQuery.dotdotdot)

see also #6469, #12021