https://www.cojocarudavid.me/blog/10-ways-to-secure-your-open-source-dependencies