>I just run programs that don’t do shady shit.

you hand-audit every update for every program you run? can you share your workflow to do this?

otherwise, i am not sure how you can possibly guarantee that the programs you are running "dont do shady shit" (or, "wont do shady shit" in the future). there have been several compromises of non-shady programs and libraries in recent memory.