When less is better....

When it comes to writing software, taking on dependencies from source code that you haven’t authored comes with some amount of risk, regardless of the origin. Many modern package managers for various programming languages can rapidly transform what seems like a small easily digestible code base into a horrible spaghetti-mess of dependencies both shallow and deep.

Sudo-rs dependencies: when less is better

How do you handle this issue and keep a watchful eye on all of the dependencies your code base has? Manual intervention? Automation? Luck?