Attackers uploaded fake Python packages to PyPI that posed as ... The Security Tradeoff The 2025 Software Supply Chain Security Report chart shows that 60.9% of malicious open-source packages ...