• GolfNovemberUniform
    2 months ago

    Reading through the code of the dependency is not required. What is required is reading through the merge request to see if the dependency isn’t used for malicious or wasteful purposes. Checking on the authenticity of the dependency is a good idea too.