How do you vet third party libraries before letting them into your environment?

Any organization that develops proprietary products often utilizes third party modules and libraries when developing - rather than reinventing the wheel and coding the same capabilities from scratch.

For example - if an application reads CSV files, the application may use a third party library to read and manipulate the CSV file in code.

What are good business practices around third party libraries and how do you vet each library before letting it into your environment?

application business business practices capabilities code coding csv cybersecurity environment files library may modules organization party practices products third vet