I am referring to validation in the build-backend only. Because of the restrictions/difficulties to bring dependencies in.
I am not referring to other tools like package indexes (I don’t have an opinion about those, because don’t have experience implementating them).