How so? Their accompanying app uses NPM as far as I know.
Discussion
https://nitter.net/BitBoxSwiss/status/1965187227795030044
npm is not the problem, but rather compromised packages that you download via npm. If you have good configuration management with fixed versions, you can quickly find out whether you are affected.
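The check the comment above describes, as an added example that is not part of the thread: with exact versions recorded in `package-lock.json` (lockfileVersion 2 or 3 assumed), every installed copy, including transitive ones, can be compared against an advisory list. The advisory entries, package names and lockfile content are constructed placeholders, and `findAffected`, `nameFromPath` and `unpinned` are hypothetical helper names.

```javascript
// Constructed advisory list: names and versions are placeholders, not real indicators.
const ADVISORIES = {
  "example-color-lib": ["5.6.1"],
  "@example/debug-util": ["4.4.2", "4.4.3"],
};

// Constructed package-lock.json (lockfileVersion 3) with direct and nested entries.
const SAMPLE_LOCK = JSON.stringify({
  name: "sample-app",
  lockfileVersion: 3,
  packages: {
    "": { name: "sample-app", version: "1.0.0" },
    "node_modules/example-color-lib": { version: "5.6.0" },
    "node_modules/@example/debug-util": { version: "4.4.2" },
    "node_modules/some-cli/node_modules/example-color-lib": { version: "5.6.1" },
  },
});

// The package name is whatever follows the last "node_modules/" in the lockfile key,
// which covers scoped names and transitive copies nested under another package.
function nameFromPath(path) {
  const marker = "node_modules/";
  const i = path.lastIndexOf(marker);
  return i === -1 ? null : path.slice(i + marker.length);
}

// Return every locked install whose exact version appears in the advisory list.
function findAffected(lockText, advisories) {
  const lock = JSON.parse(lockText);
  if (!lock.packages) throw new Error("expected lockfileVersion 2 or 3 with a 'packages' map");
  const hits = [];
  for (const [path, meta] of Object.entries(lock.packages)) {
    const name = meta.name || nameFromPath(path);
    if (!name || !Object.prototype.hasOwnProperty.call(advisories, name)) continue;
    if (advisories[name].includes(meta.version)) hits.push({ name, version: meta.version, path });
  }
  return hits;
}

// A range such as "^5.6.0" does not say which version was installed; only an exact pin does.
function unpinned(deps) {
  const exact = /^\d+\.\d+\.\d+(-[\w.]+)?$/;
  return Object.entries(deps).filter(([, spec]) => !exact.test(spec)).map(([n]) => n);
}

console.log(findAffected(SAMPLE_LOCK, ADVISORIES));
```

The direct `example-color-lib` at 5.6.0 is clean while the copy nested under `some-cli` is flagged, which is why the lockfile, not the top-level `package.json`, is the thing to check.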