Open source maintainers may find that their packages continue to be used despite a lack of active development, and may face unexpected security risks when granting permissions to other contributors. In one specific case, a maintainer granted permissions to a contributor to help fix critical bugs, only to have that contributor introduce obfuscated code with malicious intent after an initial period of seemingly genuine contributions.