I think something like cargo vet is the way forward: https://mozilla.github.io/cargo-vet/

Yes, it's a ton of overhead, and an equivalent will be needed for every language ecosystem.

The internet was great too, before it became too monetizable. So was email -- I have fond memories of cold-emailing random professors about their papers or whatever, and getting detailed responses back. Spam killed that one. Dependency chains are the latest victim of human nature. This is why we can't have nice things.