Ideally anyone running production code involving computers that handle money (even if the code itself doesnt), should review any libraries, fully understand what it is doing before importing them.
This means that you essentially cannot use javascript, ruby, python, or rust. All of them are orgies of dependencies autofetched and updated in a practically unaudited manner.
(Sure, it's technically possible to use these languages without their ecosystem, but it's impractical and moots much of their benefits).