While npm indeed seems most vulnerable, it looks to me like the actual damage done is very small.

Some people had their crypto wallets drained I guess, but as far as I am concerned nothing of any real value was lost.

One could argue that your field saw exploits that did far more damage, no?