In September 2025, attackers compromised trusted npm maintainer accounts via phishing, leading to the publication of malicious versions of 18 popular npm packages, impacting websites and applications by enabling crypto asset theft and the modification of developer tokens. Cloudflare's Page Shield, a client-side security solution, was highlighted for its ability to detect and prevent such attacks using a machine learning-based approach that processes vast amounts of JavaScript scripts daily, identifying less than 0.3% as malicious. The system employs a message-passing graph convolutional network (MPGCN) model, which learns to distinguish between benign and malicious code based on structure and syntax, making it resilient to various attack techniques. Improvements in the model's precision, recall, and F1 score have been achieved through enhanced training datasets and evaluation criteria. Despite the absence of detected activity related to the npm attack among Cloudflare users, the Page Shield successfully detected and blocked the threat, showcasing its capability to protect against fast-moving supply chain attacks. Going forward, Cloudflare plans to enhance its ML signals with contextual data and consolidate its classifiers by phasing out the "Code Behaviour Analysis" in favor of the more effective MPGCN-based approach.