This isn't just a one-off: hackers are increasingly targeting widely-used software to hit lots of users at once.
Previous big attacks like Log4j and 3CX show how important it is for developers to lock down their accounts and keep an eye on updates.
Open-source libraries need strong security because so many people rely on them every day.