After many years using libraries without any sort of vetting process, I completely agree in principle that most code out there is bug-infested garbage. One dependency had a concurrency bug so severe it almost cost our company our biggest customer early in our journey. We forked and completely rewrote the library, as after looking at the source it was clear they didn’t have nearly as much care with their code as we did. This was the worst case, but we faced many bugs in widely used libraries. We can’t replace them all, as time is short, but if we could we would probably replace most of them.