It can have supply chain attacks like npm... That high quality library system is also a liability.