Boffins rate npm and PyPI package security and it's not good
Guess what? Open source security still has gaps The Open Source Security Foundation (OpenSSF), as its name plainly states, aims to help make open source software more secure, but improvements flowing from its efforts are hard to find....