Supply chain attacks aren't exclusive to JS just like malware isn't exclusive to Windows, it's just that JS/Windows is more popular and widespread. Kill JS and you will get supply chain attacks on the next most popular language with package managers. Kill Windows and you will get a flood of Linux/MacOS malware.
replyMaybe language based package managers aren't great. Also, npm has design decisions that make it especially prone to supply chain attacks iirc
replyJS apps need more direct dependencies and transitives to do basic things vs. other languages.
reply