I've heard a lot about, and seen, numerous vulnerabilities in many package managers (npm, gem, and now Python). Companies also spend a lot of time and money trying to vet these packages internally, and set up elaborate infrastructure to keep their systems secure.
Seems that there's a gap here that could be met by a company dedicated to package security and availability that just doesn't exist at the moment. But would anyone pay for it?
ROTFL, "doesn't exist". Ever heard of Linux and BSD distributions with their package repositories?