https://talaat.dev/blog/10-ways-to-secure-your-open-source-dependencies