Supply chain attacks are available to every language and framework that uses dependencies or modules you don’t control.