
ImPostingOnHN yesterday at 7:20 PM

If you look at the issue list for any significant open source project, it's probably of nonzero size. That's a way of saying "no": just don't do it.

Maybe you're overloaded, maybe you just don't feel like it. It's totally normal, and different projects have different levels of resources, some with none anymore.


Replies

securesaml yesterday at 7:28 PM

I have seen small utility libraries like tj-actions get compromised because there aren't any security specialists looking at the library.

My main concern is supply chain compromise.

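The reply above points at third-party GitHub Actions as a supply-chain risk. A common defensive check is to verify that a workflow references each external action by an immutable commit SHA rather than a mutable tag or branch, so that a later change to the tag cannot silently swap the code that runs. The script below is an added illustration written for this page, not code from either commenter; the workflow text, action names and the 40-hex SHA in it are constructed sample values, not real repositories or commits.

```python
import re

# Constructed sample workflow (not from the thread). One step is pinned to a
# full commit SHA, one to a mutable tag, one to a branch, one is a local action.
SAMPLE_WORKFLOW = """\
name: ci
on: [push]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: example-org/checkout-like@0123456789abcdef0123456789abcdef01234567
      - uses: example-org/example-action@v45
      - uses: other-org/other-action@main
      - uses: ./.github/actions/local-step
      - run: make test
"""

# Matches a `uses:` entry and captures the action reference (owner/repo@ref).
USES_RE = re.compile(r"^\s*-?\s*uses:\s*['\"]?([^\s'\"#]+)")
# A full git commit SHA: exactly 40 lowercase hex characters.
SHA_RE = re.compile(r"^[0-9a-f]{40}$")


def parse_uses(workflow_text):
    """Return (line_number, ref) for every `uses:` entry in the workflow."""
    found = []
    for line_no, line in enumerate(workflow_text.splitlines(), 1):
        match = USES_RE.match(line)
        if match:
            found.append((line_no, match.group(1)))
    return found


def is_sha_pinned(ref):
    """True only if the part after the last '@' is a full 40-hex commit SHA."""
    if "@" not in ref:
        return False
    return bool(SHA_RE.match(ref.rsplit("@", 1)[1]))


def find_unpinned(workflow_text):
    """Return refs resolved through a mutable tag/branch or with no ref at all.

    Local actions (paths starting with './') ship with the repository itself
    and are reviewed with the rest of the code, so they are skipped.
    """
    return [
        (line_no, ref)
        for line_no, ref in parse_uses(workflow_text)
        if not ref.startswith("./") and not is_sha_pinned(ref)
    ]


def report(workflow_text):
    """Human-readable summary; returns True when every external ref is SHA-pinned."""
    unpinned = find_unpinned(workflow_text)
    for line_no, ref in unpinned:
        print(f"line {line_no}: '{ref}' is not pinned to a commit SHA")
    if not unpinned:
        print("all external actions are pinned to commit SHAs")
    return not unpinned


if __name__ == "__main__":
    report(SAMPLE_WORKFLOW)
```

Pinning to a SHA is the check; it does not by itself review what the pinned commit contains, so it pairs with reading the action's source at that commit before adopting it and with a dependency-update process that re-reviews before moving the pin.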