A bit off topic, but how is the bitwarden browser extension protected against supply-chain attacks (npm dependencies)?