When an open-source component reaches end of life (EOL), the risks extend far beyond that single package. Most components rely on third-party libraries, creating chains of transitive dependencies.