pjmlp 19 hours ago |
> Maybe other languages that depend on this broken dependency management model, like Cargo, PyPI, RubyGems, and many more, are watching this incident and know that the very same crisis looms in their future. Maybe they will change course, too, before the inevitable.

Unfortunately no, that is why SBOM (Software Bill of Materials), and only allowing vetted software packages on in-house CI/CD, is such a thing at many companies. Unfortunately it is not yet spread widely enough, and anyway it doesn't do anything for everyone else doing software outside the big corporation's virtual wall. Most developers are too trigger-happy to add software dependencies without thinking twice about them.