> It seems like it might just be that Python/npm are juicier targets?
Attackers go where the victims are. Frontend is a monoculture with the vast majority using NPM; backend, less so. This isn't an excuse for NPM, but another strike against it.
You could also argue that the attacks make a deeper point about frontend vs backend devs, but I won't go there.
Why would you even imply something like that?
They feel the need to compete given that jokes about "backend" devs write themselves
I mean... most frontend devs I've worked with are crayon eaters.
Is this a dogfooding joke?