It can happen to every ecosystem that depends on free open source dependencies maintained by somebody else for free.
That's the problem here. Convenience is a vulnerability.