Am I getting bubblewrap somewhere other than my distro? What makes it different from any other executable that comes from there?

Nothing. Does your threat model assume 100% trust in your distro? I understand saying you trust it a lot more than the garbage on npm. But if your trust is anything less than 100%, you are balancing risk and benefit.