No look at the article of this post, it's by SafeDep they are in the same business as Microsoft with their Defender product line. They both publish near identical post mortems with subtle hints at how their product would've defended you against the attack. Why should Microsoft fix the cause instead of selling the cure to each business individually?
It's essential infrastructure there is only one node package manager. I'm not saying it's a good thing, I just describe the systemic reason why it's broken, because that's usually never expressed but its important.
What a wonderful marketing opportunity! Leave it to Microsoft to blindly ignore it.