A plain breakdown of the SAP supply chain attack, explained for developers who are not familiar with npm publishing processes like me.