I think most package systems are going to start, if not already, facing real supply chain attacks. The node ecosystem, from an attacker's lens, had quite a heavy leaning ratio of non-security conscious users which makes a better breeding ground for exploitation.