Or they could get a list of deps, and just get their engineers to occasionally keep tabs on a few random deps. Random would be almost as good as systematic if a few companies did it.
Check the security of the infrastructure (is it one guy?), check whether some of the code is correct (either randomly or systematically, not just checking the first file you see), etc.
What's the incentive? Well, checking your dependencies is a way to upskill. You learn as much reading code (especially the code you are relying on) as you do writing code, and most of a programmer's job is learning.
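One way to mechanise the "keep tabs on a few random deps" idea above, as an added example that is not the commenter's code: parse a dependency list, shuffle it once with a fixed, shared seed so every engineer regenerates the same rota, and slice it into small review batches that rotate through the whole list over time. The requirements text, the seed string and the batch size are constructed for illustration.

```python
"""Pick a small, rotating sample of dependencies for periodic manual review.

Added example; the requirements text below is constructed, not a real project's file.
"""
import random
from typing import List

# Constructed pip-style requirements file with the usual noise: comments,
# version specifiers, environment markers, and option lines.
REQUIREMENTS_TXT = """\
# web stack
flask==3.0.0
requests>=2.31
# pinned with an environment marker
cryptography==42.0.5 ; python_version >= "3.8"
pyyaml  # unpinned, comment after the spec
-r other.txt
--index-url https://example.invalid/simple
"""


def parse_requirements(text: str) -> List[str]:
    """Return distribution names from requirements.txt-style text.

    Blank lines, comments and option lines (-r, --index-url, ...) are skipped;
    version specifiers, markers and trailing comments are stripped.
    """
    names: List[str] = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()          # drop comments
        if not line or line.startswith("-"):          # skip blanks and options
            continue
        line = line.split(";", 1)[0]                  # drop environment markers
        name = ""
        for ch in line:                               # stop at the first char that
            if ch.isalnum() or ch in "-_.":           # cannot be part of a name
                name += ch
            else:
                break
        if name:
            names.append(name.lower())
    return names


def review_rota(names: List[str], seed: str, per_period: int) -> List[List[str]]:
    """Shuffle the dependency set deterministically and cut it into batches.

    The seed (e.g. a team name plus a year, assumed here) makes the rota
    reproducible, so nobody has to store it. Every dependency appears in
    exactly one batch, so the whole list is covered after len(rota) periods.
    """
    ordered = sorted(set(names))
    random.Random(seed).shuffle(ordered)
    return [ordered[i:i + per_period] for i in range(0, len(ordered), per_period)]


def batch_for(rota: List[List[str]], period_index: int) -> List[str]:
    """Batch to review in a given period (0 = first week/sprint), wrapping around."""
    return rota[period_index % len(rota)]


if __name__ == "__main__":
    deps = parse_requirements(REQUIREMENTS_TXT)
    rota = review_rota(deps, seed="example-team-2024", per_period=2)
    for period, batch in enumerate(rota):
        # For each package: who maintains it (one person? who can publish?),
        # and does a randomly chosen file do what its docs say?
        print(f"period {period}: review {', '.join(batch)}")
```

Because the shuffle is seeded, two engineers running this against the same lock file get the same assignment, and the wrap-around in `batch_for` means a long-lived rota keeps cycling through every dependency rather than favouring the ones listed first.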