Board: Development & Technical Discussion
Topic: Re: Two malicious Python libraries caught stealing SSH and GPG keys
by ETFbitcoin on 05/12/2019, 15:53:26 UTC
If you're so paranoid, then use an offline or isolated environment for important things.

Ideally, anyone running production code involving computers that handle money (even if the code itself doesn't) should review any libraries and fully understand what they do before importing them.

This means that you essentially cannot use javascript, ruby, python, or rust. All of them are orgies of dependencies autofetched and updated in a practically unaudited manner.

Developers let their dependencies update automatically? From what I've seen (in my country), most developers don't even bother with their dependencies or their OS, because they're lazy or afraid something will break (deprecated library, breaking changes, etc.), which leaves their software with serious security vulnerabilities.
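The thread's complaint is that package managers fetch and update dependencies with nobody checking what arrives. One concrete way to stop that for Python is to pin every package to an exact version plus an archive hash, so that pip (in its --require-hashes mode) rejects anything whose digest differs. The script below is an added example written for this page, not code from any poster or from pip itself: it audits a requirements file for entries pip would still resolve on its own, and reimplements the digest comparison so the reader can see a tampered or newer archive being refused. The package names, the archive bytes and the requirements text are all constructed for the demo.

```python
"""Audit a pip requirements file for dependencies that pip would fetch unaudited.

Added example for this thread, not code from any post or from pip itself.
It assumes the plain requirements.txt syntax that pip's --require-hashes mode
consumes (``name==version --hash=sha256:<hex>``); package names and archive
contents below are constructed for the demo.
"""
import hashlib
import re

# Constructed stand-in for a wheel the team actually read and approved.
AUDITED_ARCHIVE = b"constructed stand-in for an audited wheel"
AUDITED_SHA256 = hashlib.sha256(AUDITED_ARCHIVE).hexdigest()

# Constructed requirements file: one entry of each kind (hypothetical names).
SAMPLE_REQUIREMENTS = f"""\
# pinned AND hashed: pip refuses any archive whose digest differs
examplelib==1.0.0 --hash=sha256:{AUDITED_SHA256}
# pinned by version only: whatever the index serves under 2.3.1 is trusted
otherlib==2.3.1
# floating: every fresh install may pull a newer (or look-alike) release
thirdlib
"""

REQ_RE = re.compile(r"^(?P<name>[A-Za-z0-9_.\-\[\]]+)\s*(?P<spec>==\s*\S+)?(?P<rest>.*)$")
HASH_RE = re.compile(r"--hash=([a-z0-9]+):([0-9a-fA-F]+)")


def audit_requirements(text):
    """Map each package to 'hashed', 'pinned' or 'floating'.

    Only ``==`` pins count as pinned; ranges such as ``>=1.0`` still let pip
    choose a version, so they are reported as floating. Continuation lines
    (trailing backslash) are not joined here, for brevity.
    """
    findings = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or line.startswith("-"):       # blank, or an option like -r
            continue
        m = REQ_RE.match(line)
        if not m:
            continue
        name = m.group("name").lower()
        pinned = m.group("spec") is not None
        hashes = HASH_RE.findall(m.group("rest"))
        if pinned and hashes:
            findings[name] = "hashed"
        elif pinned:
            findings[name] = "pinned"
        else:
            findings[name] = "floating"
    return findings


def unaudited(text):
    """Names that pip could resolve to an archive nobody has reviewed."""
    return sorted(n for n, state in audit_requirements(text).items() if state != "hashed")


def verify_artifact(data, expected):
    """True only if ``data`` matches one of the pinned (algorithm, hexdigest) pairs.

    This mirrors the check pip performs in --require-hashes mode: a newer
    release, or a tampered mirror, changes the digest and is rejected.
    """
    for alg, hexdigest in expected:
        try:
            digest = hashlib.new(alg, data).hexdigest()
        except ValueError:                         # unsupported algorithm name
            continue
        if digest.lower() == hexdigest.lower():
            return True
    return False


if __name__ == "__main__":
    for name, state in audit_requirements(SAMPLE_REQUIREMENTS).items():
        print(f"{name:12} {state}")
    print("needs review:", unaudited(SAMPLE_REQUIREMENTS))
    pins = HASH_RE.findall(SAMPLE_REQUIREMENTS)
    print("audited archive accepted:", verify_artifact(AUDITED_ARCHIVE, pins))
    print("modified archive accepted:", verify_artifact(AUDITED_ARCHIVE + b"\x00", pins))
```

Run it against a real requirements file by passing its contents to `unaudited()`; every name it returns is a package whose contents the team has never tied to a specific reviewed archive. Pinning to a hash does not replace reading the code, which is the thread's actual demand, but it does turn "review once, then pin" into something the installer enforces instead of something a developer remembers to do.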