How can open-source projects better protect themselves from malicious contributions or compromised dependencies?