specially not npm/python related packages with @latest
Yes please give me the latest supply-chain attacks.