TL;DR Read your prospective dependency’s source. You might find evals for no reason.

I normally read a good chunk if, not all of the code of a dependency before I add it to my projects except in the case of community standard things such as ActiveSupport or Sequel. Going over a prospective dependency today just bore fruit in proving why you should always do this. NewsAPI is a neat little API for fetching news who’s docs just so happen to show a ruby gem. Being the lazy developer I am I’d like to use the gem than build another API client, but before I do that I read the source as one should. Low and behold what do I find but the evil eval in the code for a dirt simple API client. No thanks.

https://github.com/olegmikhnovich/News-API-ruby/blob/master/lib/news-api.rb#L47