Comment by jstanley

5 months ago

Then what do you do instead?

Would totally depend on the project and what kinds of risks were appropriate to take given the nature of the project. But as a general principle, for all kinds of development: "Bringing in a new dependency should be A Big Deal." Whether you are writing a toy project or space flight avionics, you should not bring in unknown code casually. The level of vetting required will depend on the project, but you have to vet it.

Skim through the code? Sure it's likely to miss something, but it still catches low-effort and if enough people do it someone will see it.