I think there’s already a big market of supply chain security companies that are proactively scanning dependencies for this sort of thing.

They’re always racing to be the first one to write an article about a case.

you raise a really good point. if everyone is doing this at exactly the same lag then it will eventually start hitting groups in sync at the exact same time