The year-long rash of supply chain attacks against open source is getting worse

Backdoors snuck into 12 OSS packages were downloaded hundreds of thousands of times.

arstechnica.com