Application Security: OpenSSF Package Analysis Project

The OpenSSF Package Analysis project is a new program sponsored by Google and other prominent tech corporations that aims to address the challenge of identifying malicious packages in popular open source repositories. In just one month of analysis, the project identified more than 200 malicious packages uploaded to PyPI and npm.
