Package manager maintainer struggles with supply chain security
hackernews·1w·alligatorplum
A solo package maintainer reflects on the recurring problem of malicious dependencies slipping through—and the near-impossible burden of vetting thousands of packages alone. It's a sobering look at the infrastructure costs that fall on individual makers.