Folks need to take this more seriously. Make sure you’re checking the source of your dependencies. Check for signed commits. Inspect the source code. Open source is provided as it is. It’s your job as the “consumer” to validate and weigh the risks.