Full code audit is very time consuming. It’s impossible to audit all software someone uses. However if I know nothing about project, I do a short look at the code to understand if it follows best practices or not and make some assumptions about the code quality. The problem is that I can’t do this if I’m unfamiliar with the programming language the project is written in, so in most cases I try to avoid such projects.