The solution to the supply chain problem is removing your deps from .gitignore
The post argues that supply chain attacks would be eliminated if developers checked their vendor/, node_modules/ or venv/ directories into version control instead of running automated dependency install steps at build time. The author claims this removes the attack surface of malicious package updates and of exploits involving GitHub commit hashes, and makes every dependency traceable in the repository's own history.
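An added example, not code from the post or its author, of what the proposal looks like in practice: strip the dependency-directory rules from a .gitignore, then build a per-file SHA-256 manifest of the vendored tree so that a later in-place change to a package shows up as a reviewable diff (with the tree checked in, this is what `git diff` would surface). It assumes the dependency tree has already been materialised locally (for example by `go mod vendor`, `npm ci` or `pip install` into a venv); the directory list, the package name `pkg-a` and the file contents are constructed here for illustration.

```python
"""Added example (not from the post): un-ignore dependency directories and
produce a reviewable manifest of the vendored tree.

Assumptions (not stated in the post): the dependency tree already exists on
disk; the directory names and the sample package are choices made here.
"""
import hashlib
import tempfile
from pathlib import Path

# Directory names the post suggests removing from .gitignore (hypothetical defaults).
DEPENDENCY_DIRS = ("vendor", "node_modules", "venv")


def unignore_dependency_dirs(gitignore_text: str, dirs=DEPENDENCY_DIRS) -> str:
    """Return .gitignore content with the ignore rules for dependency directories removed.

    Handles the common spellings `node_modules`, `/node_modules`, `node_modules/`,
    `/vendor/` and glob forms such as `**/node_modules`, by comparing the last
    path component of each rule.  Negation rules (`!...`) and every other rule
    (build output, secrets) are preserved unchanged.
    """
    kept = []
    for line in gitignore_text.splitlines():
        stripped = line.strip()
        if stripped and not stripped.startswith(("#", "!")):
            last_component = stripped.strip("/").rsplit("/", 1)[-1]
            if last_component in dirs:
                continue  # drop this ignore rule
        kept.append(line)
    out = "\n".join(kept)
    return out + "\n" if out else ""


def vendor_manifest(root: Path) -> dict:
    """Map each file under root (relative POSIX path) to its SHA-256 hex digest."""
    manifest = {}
    for path in sorted(root.rglob("*")):
        if path.is_file():
            rel = path.relative_to(root).as_posix()
            manifest[rel] = hashlib.sha256(path.read_bytes()).hexdigest()
    return manifest


def diff_manifests(old: dict, new: dict) -> dict:
    """Classify vendored-file changes as added / removed / changed for review."""
    return {
        "added": sorted(set(new) - set(old)),
        "removed": sorted(set(old) - set(new)),
        "changed": sorted(p for p in set(old) & set(new) if old[p] != new[p]),
    }


def demo() -> dict:
    """Constructed scenario: a vendored package is modified in place while its
    package.json (and therefore its declared version) stays the same.

    Returns the manifest diff; with node_modules checked in, these are the
    paths a reviewer would see in the pull request.
    """
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        pkg = root / "node_modules" / "pkg-a"
        pkg.mkdir(parents=True)
        (pkg / "package.json").write_text('{"name": "pkg-a", "version": "1.0.0"}\n')
        (pkg / "index.js").write_text("module.exports = (s) => s.trim();\n")
        before = vendor_manifest(root)

        # Simulated malicious update: same version, extra code and an extra file.
        (pkg / "index.js").write_text(
            "module.exports = (s) => s.trim();\n/* extra code appended in place */\n"
        )
        (pkg / "postinstall.js").write_text("// newly added script\n")
        after = vendor_manifest(root)
    return diff_manifests(before, after)


if __name__ == "__main__":
    print(unignore_dependency_dirs("node_modules/\n/vendor\n*.log\n.env\n"))
    print(demo())
```

Checking the tree in makes later modifications visible, which is the traceability the post is after; it does not by itself establish that the code was benign at the moment it was first committed, so the initial vendoring commit still needs the same review as any other large change.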