This is what happens when security is an afterthought. Open-source repos need better vetting, ASAP. https://www.reddit.com/user/f311a