How does it compare to NixOS?

I’d be very skeptical of claims that Debian maintainers actually audit the code of each piece of software they package. Perhaps they make some brief reviews, but actually scrutinizing every line for hidden backdoors is just not feasible.