project, they can reach a huge chunk of the global developer population.” Why It Matters Upstream supply chain attacks are becoming the weapon of choice for sophisticated threat actors. By targeting the trust built into open-source ecosystems, a sin