How secure is your package repo? CISA defines four levels of security maturity, starting at zero

"Package managers are at a critical point in the open source ecosystem and have the capability to scale security improvements across open source ecosystems"