GitLab discovers widespread NPM supply chain attack