It's two things really: a small standard library and sheer size of developer community. JS has way more developers than any other language. But if you search for "$PROGRAMMING_LANGUAGE supply chain issues" you literally find reports for all popular languages.
[1] claims that half of Python packages have security issues.
[2] says that the Rust supply chain has security issues.