Disaster was averted after widely used open-source packages were compromised via social engineering.