I think it’s increasing obvious that uncurated package managers (PyPI, NPM, etc.), while so brilliant for discoverability and development speed, expose a very large security risk. It seems to me there are two options:<p>- curated package manager, potentially paid, that ensure the security of the libraries available.<p>- languages/platforms that are able to sandbox, with permissions, at the library level.<p>I’m not sure what the way forward is but I don’t think the status quo can necessarily continue.