Open source has been a powerful accelerator of technology over the last 20 years, and almost every organization now ships open source code. It also brings security risk: the software supply chain is fragile, and many widely used libraries are maintained by unpaid volunteers in their spare time, which makes maintainer burnout and the handover of project control an attack surface in its own right.

A recent attack on a widely used Node.js module showed what happens when that weakness is exploited. The attacker built trust by contributing to the library, befriended the maintainer, and eventually merged malicious code into the master branch, from which every downstream consumer of the module picked it up.

Preventing such incidents requires deep and continuous security testing of dependencies and contributions, not just of first-party code: securing the code you write does not secure the code others contribute to it or the libraries you pull in. The crowd can help as well. Once a compromise surfaces, public discussion and community reverse-engineering efforts are often the fastest way to establish what the malicious code does, who is affected, and how severe the impact is.