Is our current Open Source model broken?

I wrote a piece about the latest issue in the Node.js community, where (in case you haven't read about it yet) a hacker gain access (through social engineering) to the source code of a package and added an attack, potentially stealing crypto currency...