Hacker News

edoceo, yesterday at 11:34 PM

Once again, just having a better supply chain tool, just reviewing the changed packages, could mitigate. Maybe holding back some of the dependencies of dependencies would mitigate.

Why aren't more teams putting some tool in front of their blind installs from NPM (et al.)?