"Perhaps developers simply shouldn't use unaudited or sketchy-sourced code in production"
I'll go with that one, please.
Researchers have developed what they say is a new web privacy system for Google Chrome and Mozilla Firefox: we're told it blocks dodgy JavaScript code from funneling sensitive information to crooks. The Confinement with Origin Web Labels (COWL) system tries to protect websites that rely on JavaScript libraries written by third …
Yes, but that would mean investing time in auditing the code. In a production environment, the point of using third-party tools is to save time, so spending that time is going to get pushback from management, if it even occurs to the devs to do so in the first place. I fully agree with the sentiment, but it is going to be a hard sell to get this added into a coder's SOP.