TBH, 98% of security problems in the Python ecosystem boil down to mission-critical projects using old versions of libraries or straight-up unmaintained libraries, where the library in question is 100+ megabytes of who knows what, but the project only imports one function, the utility of which the devs could have recreated themselves in 15 minutes without needing to use the library, especially lately when everyone just imports what the AI tells them to import.