To be honest Rust has the exact same supply chain attack pattern - it's just newer and more maintained at the moment. Give it a decade.

Rust doesn’t have post install scripts

	▲	est31 40 minutes ago \| parent \| next [-]
		There is build.rs, proc macros are unsandboxed, and lastly you install the binary so that you can run it. Even if the build and install were fully sandboxed, the binary could still do malicious stuff if ran.
	▲	fabrice_d an hour ago \| parent \| prev \| next [-]
		It has build.rs that will run as soon as you compile the dependency. That's not the same thing but pretty close to a post install script: it's very likely to run.
	▲	deeebug an hour ago \| parent \| prev \| next [-]
		They have build.rs (https://doc.rust-lang.org/cargo/reference/build-scripts.html)
	▲	tasn an hour ago \| parent \| prev [-]
		It has build.rs, which has essentially the same problems.