Open source software is foundational to the modern software industry, offering a collaborative and expansive ecosystem that drives innovation but also presents significant security challenges. Recently, the npm registry faced a serious security threat from the Shai-Hulud worm, which compromised maintainer accounts and injected malicious scripts into widely used JavaScript packages. GitHub responded by removing the affected packages and strengthening its security measures, including enforcing two-factor authentication (2FA) and introducing trusted publishing to mitigate future risks. This transition to more secure publishing practices, recommended by the OpenSSF Securing Software Repositories Working Group, is being progressively implemented across various package repositories to safeguard the software supply chain. GitHub's commitment to fortifying npm's security is supported by the broader open source community, emphasizing the shared responsibility for maintaining the ecosystem's trust and integrity.