Improving the security of open source repositories and keeping malicious components out requires a combination of technology and people.