We rarely verify external libraries at all. Apparently it might be a mistake. When it comes to security, a huge one.
Simple and Terrifying Encryption Story
Kacper Walanus

Yes, exactly: you should always validate external libraries, use fixed versions, and track changes. For security, I wouldn’t trust anything under 1000 stars.
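One concrete way to act on the advice in the reply above (pin exact versions, validate what you actually install), as an added example that is not part of the original thread or the story it responds to. It audits a requirements file in pip's real `==` / `--hash=sha256:...` syntax for unpinned or unhashed entries, and checks a downloaded artifact against its pinned digest. The requirements text and the artifact bytes are constructed stand-ins, not real packages.

```python
import hashlib
import hmac
import re

# Constructed stand-in for a downloaded wheel/sdist (not a real package).
GOOD_ARTIFACT = b"constructed stand-in for a downloaded wheel"
PINNED_HASH = "sha256:" + hashlib.sha256(GOOD_ARTIFACT).hexdigest()

# Constructed requirements file in pip's pinning syntax: one exact pin with a
# hash, one range, and one bare name (the last two are what we want to catch).
SAMPLE_REQUIREMENTS = f"""\
# good: exact version and artifact hash
requests==2.31.0 \\
    --hash={PINNED_HASH}
cryptography>=41.0
pyjwt
"""

REQ_RE = re.compile(r"^(?P<name>[A-Za-z0-9_.\-]+)\s*(?P<op>==|>=|<=|~=|!=|<|>)?")
HASH_RE = re.compile(r"--hash=(?P<alg>[a-z0-9]+):(?P<digest>[0-9a-f]+)")


def audit_requirements(text):
    """Return (name, finding) pairs for entries that float or carry no hash.

    A floating version lets the next 'pip install' pull code nobody reviewed;
    a missing hash means a replaced artifact of the same version goes unnoticed.
    """
    # pip allows backslash continuation, commonly used to list several hashes.
    text = text.replace("\\\n", " ")
    findings = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments
        if not line or line.startswith("-"):     # skip blanks and pip options (-r, -e, ...)
            continue
        spec = line.split("--hash", 1)[0].strip()
        m = REQ_RE.match(spec)
        if not m:
            continue
        name, op = m.group("name"), m.group("op")
        if op != "==":
            findings.append((name, "not pinned to an exact version"))
        if not HASH_RE.search(line):
            findings.append((name, "no artifact hash"))
    return findings


def verify_artifact(data, expected):
    """Check downloaded bytes against a pinned 'alg:hexdigest' string.

    Uses a constant-time comparison so the check itself is not a timing oracle.
    """
    alg, digest = expected.split(":", 1)
    actual = hashlib.new(alg, data).hexdigest()
    return hmac.compare_digest(actual, digest)


if __name__ == "__main__":
    for name, finding in audit_requirements(SAMPLE_REQUIREMENTS):
        print(f"{name}: {finding}")
    print("artifact ok:", verify_artifact(GOOD_ARTIFACT, PINNED_HASH))
    print("tampered ok:", verify_artifact(GOOD_ARTIFACT + b"\x00", PINNED_HASH))
```

Hash pinning only proves you got the same bytes you reviewed last time; it says nothing about whether those bytes were safe, which is where the "at least review the source" point in the next reply comes in. Tracking changes then reduces to diffing the pinned hashes between lockfile revisions.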

At least review the source code; that’s why FOSS is so important. Just because you didn’t write it doesn’t mean you should automatically trust that it works.
