habinero 2 days ago

A lot of libraries are maintained by a single person.

themafia 2 days ago | parent

Are those the ones typically involved in supply chain attacks?

There are no perfect solutions, but let's be reasonable.

ArcHound 2 days ago | parent

Actually, yes, they are the prime targets: https://en.wikipedia.org/wiki/Npm_left-pad_incident or seemingly https://en.wikipedia.org/wiki/XZ_Utils_backdoor as well.

themafia a day ago | parent

xz has dozens of contributors and two active maintainers. It was the actual example I was thinking of. The code was submitted by a third party and not a result of a developer machine compromise.

left-pad wasn't a security incident. It was a capitalism incident.