Random #pldev and #packagemanager idea: In the build system, developers should explicitly grant permission for packages to execute risky tasks like accessing the filesystem or network. This includes all transitive dependencies. By doing so, any suspicious behavior introduced by updates to dependencies or their dependencies would be apparent.
I am certainly a noob in this area and are not certain whether this can be an effective strategy to mitigate #supplychainattack
