by BossingAround 1408 days ago
It's open source. If you want to use the functionality but don't trust a random internet user named ankitpokhrel, you can literally gut the project, copy-paste the code you understand, get basic functionality to work, and you can be pretty much certain that there is nothing nefarious going on.

I have done that multiple times. It's not very time demanding, because the working code is there, and all you're doing is essentially deleting code you either don't understand, or don't need. At the same time, you're reading the code you do use.

2 comments

Which the IT guy won't want to do and will tell you to just use the web interface.
And imagine yourself in the IT guy's shoes. Some rando expects you to audit something that at most one or two people use and probably contains a hundred vulns which would very likely never be fixed anyway. Why would you bother with such a request?
We do that frequently. "I wrote this code" -> audit while I use my code -> "OK/please fix this or that".

I am the customer of our IT, I don't know why it should be any other way. It's noteworthy though that I don't work in a tightly regulated sector.

The premise is that you don't want to audit the source. It's extremely costly and you end up doing it for every update.