Libraries and extensions do not need the security check as they should not have
any restrictions concerning the other libraries they are installed alongside
with (unless those would create breakage). Libraries and extension also should
not have a version-controlled
composer.lock (which usually is used for
Instead, the projects and distributions (i.e., for TYPO3 installations) need to have the security checks.