I don’t think most practitioners spend a lot of time worrying about malware hidden inside an open source package. We worry about vulnerable code, sure. We worry about …
