Supply chain attacks have been a trendy topic in the past years. Rather than directly attacking their primary target, attackers infiltrate less secure assets, such as software depenencies, firmware, or service providers, to introduce malicious code. In turn, these components also have their own layers of dependencies, and we can start to understand why this becomes a very complex problem. Most of the coverage of such attacks focusses typosquatting issues, where attackers register in hope of deve...