[ComCat]

You're describing two different things,

The container comparison misses where these attacks actually happen. Containers limit what code can do at runtime. We flag what code intends to do before it ever runs. These are complementary. A container won't stop a postinstall script from reading ~/.ssh/id_rsa and posting it to an attacker's server if your CI environment has network access and a mounted home directory — which most do.

Yes sophisticated attackers adapt. But the current state of npm supply chain attacks is that most don't even try to evade — because nobody's looking at the code. Every major attack in 2025 used the same playbook: credential theft + network exfil + install script abuse. Raising the floor from "zero analysis" to "26 behavioral detectors with cross-signal correlation" eliminates the entire class of low effort attacks and forces the rest into increasingly constrained patterns.