NPM packages disguised as Roblox API code caught carrying ransomware

Pascal Monett

So the issues are down to a lack of control

I can therefore create a package called noblox.js.jackpotnow and nobody is going to bat an eyelid until somebody actually wonders why that exists.

Somehow that does not strike me as "anyone can contribute", so much as "anyone can fuck it up".

I've got a feeling that the ease-of-contribution culture is going to get a healthy dose of reality check in the coming years. It's not because it's open source that it has to be a free-for-all. I'm sure developers are going to welcome a bit of verification if it means that their code can be kept from the dregs of the Intarwubs.

After all, what's the real cost of having to sign in to a project before being able to contribute? It's just a few emails and an identifier for your contributions.

An identifier that can be banned if you screw up, of course.
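The lookalike name the comment above describes (a popular package name with a suffix bolted on) is exactly what a lockfile triage step can catch before install. The following is an added example, written for this page and not code from the commenter, from The Register, from npm or from the noblox.js project. The `POPULAR` allow-list is constructed for the example (in practice it would be the dependencies you actually intend to use), and `checkName`, `editDistance`, `splitScope` and `normalize` are hypothetical helper names, not an npm API.

```javascript
// Added example, not code from the comment or from any npm project: a
// lookalike-name check of the kind a CI step could run over a lockfile.
// POPULAR is a constructed allow-list; a real one would hold the names
// your project intends to depend on.
const POPULAR = ["noblox.js", "lodash", "express", "react", "axios"];

// Optimal-string-alignment distance: Levenshtein plus adjacent
// transpositions, so "lodahs" counts as one edit away from "lodash".
function editDistance(a, b) {
  let prev2 = null;
  let prev = Array.from({ length: b.length + 1 }, (_, j) => j);
  for (let i = 1; i <= a.length; i++) {
    const cur = [i];
    for (let j = 1; j <= b.length; j++) {
      const cost = a[i - 1] === b[j - 1] ? 0 : 1;
      cur[j] = Math.min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost);
      if (i > 1 && j > 1 && a[i - 1] === b[j - 2] && a[i - 2] === b[j - 1]) {
        cur[j] = Math.min(cur[j], prev2[j - 2] + 1);
      }
    }
    prev2 = prev;
    prev = cur;
  }
  return prev[b.length];
}

// Split "@scope/name" into its parts; unscoped names get scope null.
function splitScope(name) {
  const m = /^(@[^/]+)\/(.+)$/.exec(name);
  return m ? { scope: m[1], bare: m[2] } : { scope: null, bare: name };
}

// Case and separator differences ("noblox-js", "Noblox.JS") must not
// hide a match against the allow-list.
function normalize(name) {
  return name.toLowerCase().replace(/[-_.]/g, "");
}

// Returns { suspicious, reasons } for one candidate package name.
// Names that are literally on the allow-list pass; everything else is
// compared against each allow-listed name three ways.
function checkName(candidate, popular = POPULAR) {
  if (popular.includes(candidate)) return { suspicious: false, reasons: [] };
  const { scope, bare } = splitScope(candidate);
  const norm = normalize(bare);
  const reasons = [];
  for (const p of popular) {
    const pn = normalize(p);
    if (norm === pn) {
      // "@evil/lodash", "Lodash", "lo-dash": same letters, different package.
      reasons.push(`differs from ${p} only in scope, case or punctuation` +
                   (scope ? ` (scope ${scope})` : ""));
    } else if (norm.startsWith(pn) || norm.endsWith(pn)) {
      // "noblox.js.jackpotnow": the real name with something bolted on.
      reasons.push(`embeds the name ${p} as a prefix or suffix`);
    } else if (pn.length >= 4) {
      // Plain typos; very short names are skipped, they match everything.
      const maxDist = pn.length >= 8 ? 2 : 1;
      if (editDistance(norm, pn) <= maxDist) {
        reasons.push(`within ${maxDist} edit(s) of ${p}`);
      }
    }
  }
  return { suspicious: reasons.length > 0, reasons };
}

// Stand-alone demo over constructed candidate names.
for (const n of ["noblox.js.jackpotnow", "lodahs", "@evil/lodash", "left-pad"]) {
  console.log(n, JSON.stringify(checkName(n)));
}
```

This is a triage filter, not a verdict: legitimate ecosystem packages such as a `react-dom` style name will trip the prefix check, so anything flagged needs a human look and anything known-good belongs on the allow-list. The allow-list check also does nothing about a genuinely new name that resembles no popular package, which is why it complements, rather than replaces, the identity and verification the comment argues for.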

