TARGETING THE SOURCE Supply-chain attacks on open source software are getting out of hand Attacks affected packages, including one with ~2.8 million weekly downloads.