There is room for such alerts in many ecosystems. For example, WordPress: There should be alerts for stale plugins, plugins that have recently changed authors, and other metrics for awful plugins. It could be condensed into a trust level rating from 1-5. That's only one example.