Supply chain attacks are on the rise. This is the easiest way to ensure you aren't using a "poisoned" library.