If you give a hoot about code security, you already know that popular code-package managers and repositories, such as Node Package Manager (npm) and Python Package Index (PyPI), are overstuffed with vulnerabilities and the malware that goes with them. What none of us knew is that PowerShell Gallery, Microsoft’s central repository for sharing PowerShell code, including PowerShell modules, scripts and Desired State Configuration resources, has the same kind of problems.
Source: The New Stack