NPM is getting all the attacks and attention because it is the biggest. But there's nothing language specific to this class of attacks.
replyYes, that is clear. But in this particular instance the tanstack packages are downstream of a ton of other packages.
replyTanstack infected a bunch of other packages; then resolving their issue doesn’t fix the widespread issue