I don't think it's reasonable to expect all software developers to understand everything they use. That would be like demanding that electricians build their own soldering irons and power supplies.
For software development to thrive we have to have tools that can just be grabbed off the shelf and slotted into place. The fact those tools can't be trusted is a serious concern but I don't think that expecting every software developer to understand what those libraries do is the answer. The answer is to come up with a system that ensures we can trust those libraries.