How would you evaluate and select third-party libraries or tools for a software project in terms of security risks?

``` I would start by assessing the library's source and community reputation, including its usage on platforms like GitHub for active maintenance. Next, I would review any known vulnerabilities associated with the library using databases like CVE or Snyk. Finally, I would analyze the library's licenses and terms of use to ensure compliance with the project’s legal requirements. ```