Ask HN: Which open source library if compromised would impact the most systems?

I'm trying to drive awareness of supply side attacks and I think this question is relevant for anyone in software.

So for example in the Java world commons-logging.jar is used in lots of projects and downloaded with no code inspection from the internet. If compromised and unnoticed overtime lot's of systems would be back doored.

All languages and frameworks have this issue.