I wrote this blog article to address several misconceptions I hear when I talk to engineering or infosec teams. The problem of malicious software packages isn't really well understood, so I thought I would try and tackle some misconceptions head-on. I hope you enjoy it!