Open-source software has become a fundamental component of modern software development, with its integration into commercial applications recognized by the European Commission as a public good. However, its widespread use raises security and compliance concerns, as vulnerabilities can expose organizations to risks. While discussions often focus on consumer-side security measures, this text highlights the perspective of open-source maintainers like Bryan Van de Ven, co-creator of the Bokeh project, a Python library for data visualization. Bokeh, with over 2.5 million monthly downloads, faces threats such as typosquatting, compromised build pipelines, and threats to asset integrity, prompting maintainers to implement robust security practices. Tools like GitGuardian are employed to detect leaked credentials and prevent security breaches, ensuring the integrity of the software. As open-source projects continue to grow, maintaining security becomes crucial, requiring vigilance and innovative solutions to protect the software supply chain from malicious actors.