All package ecosystems that allow unvetted code being published are affected, it just happens that npm is by far the most popular one, so it gets all the news.