According to the OpenSSF, package repositories are a critical point in the open source ecosystem, where attacks can be either allowed or prevented. Simple actions like well-documented account recovery policies can significantly improve security.
Source: SD Times