php – What to do when you simply cannot trust anyone anymore?

I need a CSS crusher and it must be made in PHP or be a very trusted stand-alone CLI application. The only thing I can find is this: https://github.com/peteboere/css-crush

It’s not been updated in over a year, and the one “issue” submitted on Github is from 2018 with no reply.

My gut feeling is that this is a “real project”, but also “likely semi-dead at best”. However, even if it will be updated, I know nothing about who is running this or how trustworthy they are.

This question is not about that library specifically. The same thing happens constantly to me: I’m so scared that malware will at some point be fetched with some update, if not directly the first time it runs, that I severely cripple myself in terms of not being able to trust and thus use almost anything.

There truly seems to be no way to be even reasonably sure about this. It’s insanity to run all these things straight on my machine. I have numerous times tried to make some kind of “sandbox”, whether it be through a VM or Docker, but whatever the reason is, it’s just not practical and frankly, I just can’t comprehend Docker at all. I’ve long since given up on trying to use that or similar things before it. There’s “chroot” and “jails” for some OSes, but it’s a nightmare to grasp and set up. It’s simply not “reasonable”, and I don’t trust that they are sandboxed/secured anyway.

I truly envy those who are able to just go along with (almost) any claim and just trust random entities without worrying. I used to, and never noticed any malware, but for all I know, my entire computer life could have been documented in real time through RATs/trojans spying on everything from the webcam/mic to private files and wallet.dats…

There’s frequently exactly ONE (1!) library for any given problem. There’s no “wealth of choice” to pick from. I can’t pick “something else”. And even if I could, the same problem applies to that as well.

“Auditing” the source code reads like a joke to me in how unrealistic it is.

How can I possibly trust anyone in this world where almost everything that comes out from everyone’s mouths or is written is a lie? It’s a freaking miracle that I’ve (apparently) avoided malware for all these years. Either that, or there are actually far fewer dishonest and evil people out there than I believe.