> Serious question: should someone develop new technologies using Node any more?

I think we have given the Typescript / Javascript communities enough time. These sort of problems will continue to happen regardless of the runtime.

Adding one more library increases the risk of a supply-chain attack like this.

As long as you're using npm or any npm-compatible runtime, then it remains to be an unsolved recurring issue in the npm ecosystem.