Interesting, thanks for sharing your anecdote. Upvoted.
I am openly admitting I don't care. Such libraries are in a huge demand and every programming language ecosystem gains them quite early. So to me the risk of malicious code in them is negligibly small.
To me it’s not just the risk of malicious code, but also convenience. For example, if I’m using a scripted language and sharing it in some form with users, I don’t want to have to worry about keeping the library updated, and fight with the package manager, and ship extraneous files, and…
I am openly admitting I don't care. Such libraries are in a huge demand and every programming language ecosystem gains them quite early. So to me the risk of malicious code in them is negligibly small.