We don't know when attacks like these work.
We only know when we catch them.
Discussion
How many have you catch so far? I mean, proven attacks, not bugs.
None, I am not a security dev. These things require full-time pros to find.
this tool demo "SocketSecurity" is a big help to evaluate dependency threats!
solarwinds vibes