Supply chain security4 min readNX npm Supply Chain Attack: How Cloudsmith Would Have Contained the Blast Radius