Supply chain attacks aren't exclusive to JS, just like malware isn't exclusive to Windows; it's just that JS/Windows is more popular and widespread. Kill JS and you will get supply chain attacks on the next most popular language with package managers. Kill Windows and you will get a flood of Linux/macOS malware.

Maybe language-based package managers aren't great. Also, npm has design decisions that make it especially prone to supply chain attacks, iirc.

JS apps need more direct dependencies and transitives to do basic things vs. other languages.