Open source software is a prime target for supply chain attacks.