
Episode 535: Dan Lorenc on Supply Chain Attacks
Software Engineering Radio - the podcast for professional software developers
Is There a Recursive Nature of Package Management?
Package managers have been around for years, but they're getting more complex. There is no trust anymore when you run pip install or npm install from anybody on the internet who signed up for that repository. People will have to start getting more rigorous about what's in their code and how it's being used. Dan Lorenc: My company has a bunch of open source tools which help solve security problems easily.
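One concrete form of the rigor described above is hash-pinned installs: a lock step records the digest of every artifact you have actually reviewed, and the install step refuses anything that does not match. The following is an added example written for this page, not code from the episode or from the guest's company. It mirrors the format pip accepts with --require-hashes (name==version --hash=sha256:...), but the parser and verifier here are stand-alone; the package name and the artifact bytes are constructed for the demonstration.

```python
"""Hash-pinned dependency verification, in the style of pip's --require-hashes mode.

Added example for this page, not code from the episode or from Chainguard.
The package name and artifact bytes below are constructed for the demonstration.
"""
import hashlib
import re
from dataclasses import dataclass

# One pinned line: "name==version --hash=<algo>:<hex> [--hash=...]"
_REQ_RE = re.compile(r"^(?P<name>[A-Za-z0-9_.-]+)==(?P<version>[^\s\\]+)(?P<rest>.*)$")
_HASH_RE = re.compile(r"--hash=(?P<algo>sha256|sha384|sha512):(?P<hex>[0-9a-fA-F]+)")


@dataclass(frozen=True)
class PinnedRequirement:
    name: str
    version: str
    hashes: frozenset  # set of (algo, hexdigest) pairs


def parse_requirements(text: str) -> dict:
    """Parse hash-pinned requirements into {lowercased name: PinnedRequirement}.

    Backslash line continuations are joined first; comments and blank lines are skipped.
    A line without an exact version pin or without at least one --hash is rejected,
    which is the same refusal pip gives under --require-hashes.
    """
    joined = text.replace("\\\n", " ")
    pins = {}
    for raw in joined.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        m = _REQ_RE.match(line)
        if not m:
            raise ValueError(f"unpinned or malformed requirement: {line!r}")
        hashes = frozenset(
            (h.group("algo"), h.group("hex").lower())
            for h in _HASH_RE.finditer(m.group("rest"))
        )
        if not hashes:
            raise ValueError(f"no --hash for {m.group('name')}=={m.group('version')}")
        pins[m.group("name").lower()] = PinnedRequirement(
            m.group("name"), m.group("version"), hashes
        )
    return pins


def lock_line(name: str, version: str, artifact: bytes, algo: str = "sha256") -> str:
    """Emit the pin line for an artifact you have inspected (what a lock step writes)."""
    digest = hashlib.new(algo, artifact).hexdigest()
    return f"{name}=={version} --hash={algo}:{digest}"


def verify_artifact(pins: dict, name: str, version: str, artifact: bytes) -> bool:
    """True only if the artifact matches a pinned hash for exactly this name and version."""
    pin = pins.get(name.lower())
    if pin is None or pin.version != version:
        return False
    for algo, expected in pin.hashes:
        if hashlib.new(algo, artifact).hexdigest() == expected:
            return True
    return False


# Constructed stand-ins for wheel bytes fetched from an index (not real packages).
GOOD_WHEEL = b"PK\x03\x04 fake-wheel-contents-v1"
TAMPERED_WHEEL = b"PK\x03\x04 fake-wheel-contents-v1 + injected payload"


def demo() -> dict:
    """Lock one reviewed artifact, then check the cases an installer must reject."""
    lockfile = "\n".join([
        "# generated by a lock step after review (constructed sample)",
        lock_line("examplepkg", "1.4.2", GOOD_WHEEL),
    ])
    pins = parse_requirements(lockfile)
    return {
        "good": verify_artifact(pins, "examplepkg", "1.4.2", GOOD_WHEEL),
        "tampered": verify_artifact(pins, "examplepkg", "1.4.2", TAMPERED_WHEEL),
        "wrong_version": verify_artifact(pins, "examplepkg", "1.4.3", GOOD_WHEEL),
        "unknown_package": verify_artifact(pins, "otherpkg", "1.0", GOOD_WHEEL),
    }


if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case}: {'OK' if ok else 'REJECTED'}")
```

The point of the two-step shape is that trust is placed in the review that produced the lock line, not in whoever can publish to the index: a replaced artifact, a different version, or a package that was never locked all fail the same check. The same idea applies to npm via its lockfile integrity fields, though this example only covers the pip-style format.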