Open source died in March. It just doesn't know it yet.

Dan Lorenc, Co-founder and CEO

Five supply chain attacks in twelve days. The vulnerability scanner was the vulnerability. One Teams call with a North Korean actor posing as a recruiter was enough to poison a library with 100 million weekly downloads. Credentials stolen in the first attack fueled the second, the third, the fourth. Hundreds of thousands of secrets are still circulating right now.

This isn't over. It just moved off the front page.

In zombie movies, there's always a moment before anyone realizes what's happening. Someone got bitten. They felt it happen. They've been pretending it didn't ever since, sleeves down, fever masked, acting normal. The others know what happened, but they decided not to look. By the time anyone says anything out loud, the outcome is already decided.

That's open source right now. The bite happened years ago - event-stream, SolarWinds, tj-actions, a slow accumulation of near-misses that the ecosystem absorbed and moved past. But March was when the eyes turned too yellow and too much liquid started oozing from too many orifices to ignore.

The classic thumb drive analogy

For years, I've used the same analogy to explain this: installing a package from PyPI or npm is the same as picking up a thumb drive off the sidewalk and plugging it into a production server.

Ken Thompson said essentially the same thing in 1984 in his Turing Award lecture - you cannot trust code you did not totally create yourself, and the tools you'd use to verify it might already be compromised. The industry heard it, nodded, and built npm anyway. Not because they didn't believe it, but because it was too easy to use, too easy to pretend the problem wasn't real, and too terrifying to grapple with what had to change if it was.

I wasn't smart enough to discover this. I was just too dumb to ignore it.

Stop peeing in the pool

I gave a talk in 2024 called "Stop Peeing In The Pool." The pool was open source licenses - fauxpen source licenses sneaking into the shared dependency space, degrading the commons one clause at a time. It turns out the analogy was even more appropriate for a different pool.

Everyone has a threshold. You're comfortable swimming in the ocean, even though cruise ships dump waste out there. Comfortable in an Olympic pool knowing people pee in it. But nobody gets into a hotel bathtub after a stranger used it without draining it first. Some amount of contamination is tolerable when the volume makes it feel abstract. You're not in the bathtub with it, you're in the ocean.

event-stream in 2018, SolarWinds in 2020, ua-parser-js in 2021, tj-actions in 2025 - each one we freaked out about, wrote the blog post, and went back to swimming in the same water. Each one was absorbed by the ecosystem, just as the ocean helps us pretend the cruise ship didn't just dump sewage a few miles away.

How enterprises consume open source is changing

Open source isn't actually broken. Open source is just software published under a license. The Linux kernel isn't going anywhere. Neither is curl, or OpenSSL, or any of the infrastructure the internet actually runs on - and none of it got safer or more dangerous because of the events in March. What changed is how enterprises consume it. PyPI and npm aren't open source; they're distribution mechanisms that happen to carry open source software - unreviewed, unsigned, with assumed trust baked in at every layer. The zombie isn't open source. It's the way you've been consuming it for the last twenty years.

What's changed?

So why did March feel different? Two reasons.

First, this stopped being a security conference topic. Karpathy tweeted about the LiteLLM compromise. Elon retweeted it with two words: "Caveat Emptor." When the world's most-followed person is worried about supply-chain attacks, it's not niche anymore.

Second, the attacks are now in the open, and they aren't stopping. It's not a stray Baby Ruth bar some kids dropped into the pool as a joke. Someone pulled up in an RV and started dumping their waste tank directly into the pool. They're still there, and nobody can make them leave.

How the industry responded

The response was exactly what you'd expect. Everyone reached for the same tools that were already failing: Rotate your credentials. Pin GitHub Actions to commit SHAs. Add a soak period. Audit your lockfiles. Do all of it. It's also roughly as useful as a pool filter in a contaminated bathtub.

There are two categories of vendors who'll tell you they've solved this. The first harden images after the fact, stripping packages, minimizing attack surface, trying to make upstream binaries safer once they've already landed in your environment. The second scan for malware before things run, looking for known-bad code, suspicious patterns, and compromised packages. Both have real customers. Both are wrong.

The hardeners are working downstream of the attack. The trust decision has already been made: you pulled from an unmanaged source and handed it to a tool to clean up. In March, that made them accelerators. The pipeline was compromised before the hardening step, so all they did was move malicious software faster and more efficiently into production.

The scanners are working against an adversary that's already beaten them. The Axios attack was pulled hundreds of thousands of times before a single scanner flagged it. LiteLLM wasn't caught by a scanner; it was caught because a developer's machine ran out of RAM. xz-utils was caught because someone noticed ssh felt slow. We built the most sophisticated security ecosystem in history, and we're still relying on luck.

The vendors selling you a dashboard showing how contaminated your pool is aren't solving the problem. They're monetizing your tolerance for it. Putting makeup on the zombie while it's peeing all over the place isn't a security strategy. It's just a longer, sadder, grosser goodbye.

There are only two ways out: Review all the source yourself and build it, or get it from someone you trust who does. That's it. There's no third option.

March isn't when the bite happened. It's when the smell finally became impossible to ignore.

Ken Thompson told everyone 40 years ago. We've been working on the answer for the last five, and we're still just getting started. Shortcuts aren't going to cut it. We're building an alternate universe of open source from our own trusted root, with control every step of the way. Not because March happened, but because it's the right and only way to fix this, and we've known that since before it was anyone else's problem.

Our water's fine. Come on in.
