Comment by bee_rider

2 years ago

One way to not include any unaudited open source code is not to include any open source code!

I think when people point it out—that open source code is great, but comes with no strings attached and no guarantees, so you need to audit it to use it safely—they are often trying to say something about the ecosystem. That dependency growth is out of control. That it isn’t really as simple as git pulling the code in.