http://www.perlmonks.org?node_id=11128272

In Dependency Confusion: How I Hacked Into Apple, Microsoft and Dozens of Other Companies, Alex B details installation of potential malware via (semi)official channels of installing software in Python (PyPI), Ruby (RubyGems), & Node/Javascript (NPM). Their efforts were part of bug-bounty programs at various companies.