yeah security researchers at security companies are the ones we are talking about.
reply>We’re not talking about security researchers here:
replywe are.
"companies" in this context is "security companies" (hence why they are "downloading and inspecting every package", which would not make sense if referring to the people authoring and shipping a single package)