“No way to prevent this” say users of only package manager where this regularly happens

Xe Iaso: “… echoing statements expressed by hundreds of thousands of programmers who use the only package manager where 90% of the world’s supply-chain attacks have occurred in the last decade, and whose projects are 20 times more likely to fall victim to supply chain attacks.”
