Supply-chain attacks through public repositories have become more frequent of late. Here’s how to deal with them.