www.alliance2k.org – The modern software supply chain runs through a handful of quiet, overworked guardians: open-source registries like npm, PyPI,…