OTOH, reading point 3 of the proposed solutions and comparing it with the place I'm getting my dependencies from (distributions):
For example, package discovery sites might work to find more ways to allow developers to share their findings.
Check: there is room for improvement, but the principle is there and is being used.
Build tools should, at the least, make it easy to run a package’s own tests.
Check.
More aggressively, build tools and package management systems could also work together to allow package authors to test new changes against all public clients of their APIs.
Check, as long as those clients are also available from the same source.
Languages should also provide easy ways to isolate a suspect package.
This one isn't done, but the idea is that suspect packages don't get there in the first place. YMMV on what counts as suspect, however.