>it's their own fault for not reading all the code beforehand or for using a package manager, when every single person does the same.

But like, isn't that actually the core of the problem? People choose to blindly trust some random 3rd parties - isn't exploiting this trust seems to be inevitable and predictable outcome?