Do you only use software by people you know? At some point there has to be an element of trust when you run software you downloaded over the Internet. If a small utility maintained by a well-known member of the developer community doesn't qualify for that trust, then I think that rules out an awful lot of software that all of us here probably use on a day-to-day basis. This is not an extraordinary level of risk.
I mean, I usually use software that came with my computer or ones that I apt-install from the official Ubuntu distribution. I know it's not perfect security, but at least it's more than a Hacker News link to a GitHub pip. If I had to use other ones, then it's usually from people I know.