You can say this about any dependency you use: npm packages, apt packages, code snippets used, weird upstream stuff like XZ.
This is why you have runtime security. You're never going to check ALL your dependencies everywhere.