KYCS ‒ Know Your Code Sources (and let it be known)
CRA at the time of submission is still in a draft status, but it is relatively clear that it will impose a duty to make the software safer if and when it is distributed on the market as a final product. In any case, whatever the outcome of such discussion is, open source projects should strive to ease up CRA compliance for their downstream adopters, if they want to keep them.
Open Source Best Practices