Secure the Ship

Securing open source CI pipelines against supply chain attacks

  1. Look PyPA, no tokens!

The open source supply chain is under attack, and while the best time to secure CI was yestercommit, the second best time is now.

My first response to the litellm hack was to audit the Trusted Publishing status of the top 15k PyPI packages, since my initial sense was that community audits were as much a part of an appropriate response as individual responsibility.