Independent of the language, I only use external code if it is small enough that I can manually review it. Often I refactor it into a single file during this process.

This of course excludes the majority of packages out there. But apart from security, it has another benefit: These dependencies very rarely break and need updates. So compared to projects with a more complex stack, projects with a lean stack are easier to maintain.

It would be great if there was a "single small file packages" movement so that more lean open source software will be created.

Refactoring into a single file sounds like a bit of a pain, since you have to do it every time the external code gets updated. Also how do you deal with dependencies that come with their own dependencies? Do you avoid them?
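One way to get a first answer to the transitive-dependency question above, as an added example that is not part of this thread: walk a package-lock.json (v2/v3 "packages" map) and report, per direct dependency, how many packages it really drags in, so the "small enough to review by hand" rule can be applied to the whole tree rather than to the top-level package alone. The lock file and all package names below are constructed for illustration, and the review budget is an arbitrary assumption.

```javascript
// Constructed lock file in npm's lockfileVersion 2/3 shape (hypothetical packages).
const lock = {
  name: 'demo-app',
  lockfileVersion: 3,
  packages: {
    '': { dependencies: { 'tiny-util': '^1.0.0', 'big-framework': '^2.0.0' } },
    'node_modules/tiny-util': { version: '1.0.0' },
    'node_modules/big-framework': { version: '2.0.0',
      dependencies: { 'helper-a': '^1.0.0', 'helper-b': '^1.0.0' } },
    'node_modules/helper-a': { version: '1.0.0', dependencies: { 'helper-c': '^1.0.0' } },
    'node_modules/helper-b': { version: '1.0.0', dependencies: { 'helper-c': '^1.0.0' } },
    'node_modules/helper-c': { version: '1.0.0' },
  },
};

// Resolve a dependency name to its lock entry. npm nests a copy under the parent's
// own node_modules when versions conflict, so check the nearest nested copy first
// and then walk outward to the top-level node_modules.
function resolve(lock, fromKey, name) {
  let base = fromKey;
  for (;;) {
    const candidate = base ? `${base}/node_modules/${name}` : `node_modules/${name}`;
    if (lock.packages[candidate]) return candidate;
    if (!base) return null; // not in the lock file at all
    const idx = base.lastIndexOf('/node_modules/');
    base = idx === -1 ? '' : base.slice(0, idx);
  }
}

// Transitive closure of one package; shared sub-dependencies are counted once.
function closure(lock, startKey) {
  const seen = new Set();
  const stack = [startKey];
  while (stack.length) {
    const key = stack.pop();
    for (const dep of Object.keys(lock.packages[key].dependencies || {})) {
      const depKey = resolve(lock, key, dep);
      if (depKey && !seen.has(depKey)) { seen.add(depKey); stack.push(depKey); }
    }
  }
  return seen;
}

// For each direct dependency: size of its transitive tree and whether that fits
// the number of packages one is willing to review by hand (the budget).
function reviewReport(lock, budget) {
  const report = {};
  for (const name of Object.keys(lock.packages[''].dependencies || {})) {
    const transitive = closure(lock, resolve(lock, '', name));
    report[name] = { transitive: transitive.size, withinBudget: transitive.size <= budget };
  }
  return report;
}

console.log(reviewReport(lock, 2));
```

Feeding a real lock file through `JSON.parse(fs.readFileSync('package-lock.json'))` in place of the constructed object gives the same report for an actual project.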

This may be slightly tangential but I recently discovered ncc[1] from vercel which can take a single node project and compile it and all dependencies to a single file.

As an added benefit it also collapses all contained dependencies' license files into a single licenses.txt file too!

- [1] https://github.com/vercel/ncc