“Supply chain security” is a serious problem. It’s also seriously overhyped

Setting a cooldown of 7 days would have prevented the vast majority of these attacks from reaching end users

https://blog.yossarian.net/2025/11/21/We-should-all-be-using-dependency-cooldowns