"Each published package becomes a new distribution vector: as soon as someone installs it, the worm executes, replicates, and ...
An open source software supply-chain vulnerability is an exploitable weakness in trusted software caused by a third-party, ...