Supply chain attacks are a reality in modern software development, but you can reduce attack surface by taking precautions and managing dependencies.