Anyone have other solutions than “not invented here” syndrome for malicious code in widely-used packages?

#codeReuseIsGood