About open source
Every time I talk about open source to someone new, one of the first things they question is the security of running code that is open.
“Since all of these dependencies are open source, how do you know that they are secure enough to use in a real app?”
The short answer is:
It’s actually because they are open source that you know they are secure enough to use in a real app.
Being a popular open source project (such as GNU/Linux, Ruby, Rails, etc.) means that not only do a lot of people rely on the software, but also that tons of really smart developers around the world are reading the source code, fixing bugs and adding improvements that they themselves use.
So shit never happens?
It absolutely happens. However, when it does, it is quickly fixed, assuming the project is widely used and depended on.
There’s also a select group of developers (maintainers) who get to pick what gets added to the source code of the original project, so it’s not like anyone can submit malicious source code that fucks your computer up.
If you really disagree on certain points, you are free to create a copy of the original project and write your own code. If enough people agree with your decisions, you will get their help to maintain it. If at some point you no longer want to maintain it, you simply give it away and let others carry the torch.