Supply chain attacks are an escalating, high-impact threat, and they hit hard because of the interconnected nature of the modern software development ecosystem. The high level of trust placed in open-source components is what allows these attacks to happen. We saw two large supply chain attacks recently, involving npm and Salesloft.