alt Hacker NewsWhat exactly do you think the argument is?
The issues have everything to do with npm as a platform and nothing with JS as a language. You can use JS without npm. Saying you'll escape supply chain attacks by not using JS is like saying you'll be saved from an car crash with a parachute.
Well, this particular case could be wholly avoided if it didn't take 2 decades to get competent HTTP(S) client into core language