npm can give you security warnings about packages. I wonder if there is space for an external dependency warning system for sites. 'WARN: godaddy has elevated security complaints related to service XXX' and the like when you push a PR. Add it as a GH action check and it goes against a public DB of complaints. Sort of a higher level 'do you trust your provider' check.

The core problem tight now is there is very little incentive for companies to fix their support since there is no easy way to advertise how bad it is compared to other companies. There is no natural market for the value of support since consumers don't have an easy/obvious way to compare built into how they do things day to day. An infra scan of services tied to public support metrics could help plug that hole.