The tool has already blocked more than 52,000 risky npm packages as supply chain attacks continue to hit software teams.