I do feel it's indicative that most of the author's issues stem from GitHub, the Facebook of FOSS, big social media for coders. If you don't want to engage with the social trends and aspects of the ecosystem (which is perfectly understandable) then GH seems a particularly poor choice of platform to publish your software on. I feel the author would have a far better chance of "to be left the hell alone" if they chose literally any other platform.

Not the author, but I wouldn't say it's just (or even primarily) GitHub's pull requests or "critical security advisory" that's the problem here. PyPI requiring 2FA for maintainers of popular software has had more real-world impact (one maintainer took down and recreated their project, erasing old releases), and Google calling for deanonymizing (doxxing) maintainers of open-source software is more terrifying.

I'd argue that the problem isn't that "software supply chains do not exist", but "you using a program or library without pay does not and should not mean the software's author is now responsible for fulfilling your use cases and paperwork requirements".

iliana is an active Mastodon/ActivityPub user, so a surprisingly apt metaphor and probably a fair assessment.

