It seems like AI would be the perfect tool for code package repos like NPM and PyPI to use to scan all new uploaded code and alert on vulnerabilities.