The @bitwarden/cli compromise and the ua-parser-js compromise happened the same way on the surface: someone published a malicious version to npm. "Supply chain attack" covers both. But structurally they are different threats, and treating them as one risk means your mitigations work on one and leave the other wide open. I covered the structural difference earlier today. This post is about what happens when you start measuring both surfaces at the package level: specifically, what proof-of-commitment now reports.

Two surfaces

Maintainer surface. A single person or small group controls the publish credentials. Compromise any of them (stolen token, phishing, coercion) and you control what goes to npm. The malicious release is legitimate by every build-system measure. Provenance attestation will verify it faithfully, because the right pipeline ran; attestation proves which pipeline built the artifact, not that the person who triggered the publish was who they claimed to be.

Build surface.…