Open-source security: It's too easy to upload 'devastating' malicious packages, warns Google

The Google and OpenSSF Package Analysis project aims to reduce security risks created by developers' crazy package-updating schedules.