Other ecosystems have better protections against compromised packages? I don't see it.