Leaked credentials in open source packages pose a significant risk, exposing users to potential security breaches and malicious activities. The problem is not new, but as code becomes more discoverable, it's essential to take proactive measures to prevent such incidents. Developers who publish packages should follow the best practices outlined by Snyk: avoid wildcards in git add commands, name sensitive files in both .gitignore and .npmignore, encrypt credentials or pass them through environment variables when publishing from CI, and invalidate any credentials that have leaked. As an open source consumer, there is a limit to what you can do to prevent other people's security blunders, but being proactive by auditing dependencies and setting up safety nets like git-secrets can help mitigate risks.
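The safety-net idea above, sketched as an added example (not code from the original page, from Snyk or from git-secrets): a check that a CI job could run over the files staged for a commit or listed for publishing, flagging sensitive file names and credential-like content. The function name, the rule names and the pattern lists are illustrative assumptions and are not a complete rule set.

```javascript
// Added example: audit files before they are committed or published.
// Name and content patterns are illustrative assumptions, not a full rule set.
const SENSITIVE_NAMES = [
  /(^|\/)\.env(\.[^/]+)?$/,            // .env, .env.production
  /(^|\/)\.npmrc$/,                    // may hold a registry auth token
  /(^|\/)id_(rsa|dsa|ecdsa|ed25519)$/, // SSH private keys
  /\.(pem|p12|pfx|key)$/,              // key and certificate bundles
];
const SECRET_PATTERNS = [
  { name: "aws-access-key-id", re: /\bAKIA[0-9A-Z]{16}\b/ },
  { name: "private-key-block", re: /-----BEGIN (?:[A-Z]+ )?PRIVATE KEY-----/ },
  { name: "npm-auth-token", re: /_authToken\s*=\s*\S+/ },
];
// A token supplied through an environment variable is the recommended form.
const ENV_REFERENCE = /_authToken\s*=\s*\$\{\w+\}/;

// files: [{ path, content }] -> [{ path, line, rule }] (line 0 = file name hit)
function auditPackageFiles(files) {
  const findings = [];
  for (const { path, content } of files) {
    if (SENSITIVE_NAMES.some((re) => re.test(path))) {
      findings.push({ path, line: 0, rule: "sensitive-filename" });
    }
    content.split(/\r?\n/).forEach((text, i) => {
      for (const { name, re } of SECRET_PATTERNS) {
        if (name === "npm-auth-token" && ENV_REFERENCE.test(text)) continue;
        if (re.test(text)) findings.push({ path, line: i + 1, rule: name });
      }
    });
  }
  return findings;
}

// Constructed sample input (the AWS key is the placeholder used in AWS docs).
const SAMPLE_FILES = [
  { path: "index.js", content: "module.exports = () => 'ok';\n" },
  { path: ".npmrc", content: "//registry.npmjs.org/:_authToken=${NPM_TOKEN}\n" },
  { path: "config/.env", content: "AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE\n" },
  { path: "test/fixtures/deploy.txt", content: "key:\n-----BEGIN RSA PRIVATE KEY-----\n" },
];

const sampleFindings = auditPackageFiles(SAMPLE_FILES);
for (const f of sampleFindings) console.log(`${f.path}:${f.line} ${f.rule}`);
// A non-empty result should fail the commit or publish step.
```

Any credential this check finds in a file that was already pushed or published still has to be invalidated; removing the file afterwards does not undo the exposure.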