One of the largest open-source package repositories just spent a weekend cleaning up after a malware campaign that did not break into anything. It did not need to. Attackers seized control of more ...