Active supply chain attack across NPM, PyPI, and Crates. io