Do you have an example of those things you're alleging?
All package malware related news I see are related to users being affected by it (then security firms do their analysis whatever) ...
Analysis and detection are not the same.
Analysis and detection are not the same.