TL;DR: There's nothing fundamentally less worthy of trust about Node's supply chain than any other popular mainstream language ecosystem. They've all got some badness.
---
Here's a trope I'm tired of:
Take X general problem that affects a wide range of systems, attribute it to one narrow system Y. Usually because that system Y's general accessibility and success lead to a higher number of high-profile incidents related to problem X.
One of the practical outcomes of this trope is people trying to solve this problem in narrow, ecosystem-specific, non-portable ways.
Other popular mainstream languages don't need a "leftpad" package in the first place.
Node has a more robust standard library than Rust, which forces devs to download third party libraries to compute a regular expression or generate a SHA-256.
For now, Node is a richer target due to its popularity, but the same issues will hit any language ecosystem that suffers the same flaws should it become popular.
Rust's stdlib is deliberately small in order to allow it to have very strong stability guarantees.