How can you trust that they won't just rug pull all of the code you've hand-audited when they merge some 1800 file PR written by an LLM? Even if you decide to hold off on any security updates or minor bumps until you can hand audit again, what's the point? You could just go back to Node where they aren't engaging in a modern day Ship of Theseus every other week.