add security advantage of depending on core library. After reading about NPM supply chain attacks, emphasize core functions of Roundup are available without reaching out to PyPi.