Dependence on software libraries and frameworks continue to grow in popularity. More scrutiny is being placed on reviewing the source code of these dependencies for security vulnerabilities, but little attention is being placed on software dependencies while in transit. In this talk, we will expose weaknesses in software delivery mechanisms and show how malicious software can be added/injected into popular software libraries during transit. We will also demonstrate the impact of these weaknesses using a newly developed tool and provide advice and guidance on defending against these attacks.