@nprofile1q... supply chain attacks are a lot harder if you know:
- what your dependencies even are.
- Why you are using them.
- Where you gt it from.
- Who you get it from.
Not that they can't still happen - it's just a lot harder if there is an *actual* dependency-dependant relationship beyond cargo dropping a mysterious loot box full of function calls on your head.