Working at a cybersecurity *aaS company has both made me paranoid about 3rd party code that I pull and also made me realize that at some point paranoia is paralyzing and some amount of risk is necessary.

Bad idea? Likely.

Worth the squeeze? YMMV.