> know and trust that our supply chain is safe and can be trusted.

I'd actually think stuff like that recent npm worm would be a bigger danger than whatever this mess is?