cross-posted from: https://lemmy.ml/post/30846701

The question is simple. I wanted to get a general consensus on whether people actually audit the code that they use from FOSS or open source software or apps.

Do you blindly trust the FOSS community? I am trying to get a rough idea here. Sometimes audit the code? Only on mission critical apps? Not at all?

Let’s hear it!

  • balsoft@lemmy.ml · 6 points · edited · 7 days ago

    Truth be told, I’ve very rarely specifically audited the code of projects I use. Sometimes when something is broken or is missing a feature, I will go in and try to remedy that. On a couple of occasions I’ve noticed other bugs that I then fixed too.

    The only exception to that is when I’m using some random script I’ve found on the internet - I will read through it to see what it does. This is somewhere between “software I download” and “copy-paste development”, as I will often also tweak the script to suit my needs better.

    I don’t think it’s humanly possible for a single person to audit everything they are using. There are millions (perhaps even hundreds of millions?) of SLOC in any desktop Linux installation; it would take decades of effort to even skim all that for obvious faults, let alone properly audit it. If you are crazy enough to use something like Dusk OS, then I could see it, but how many people are?