Securing a handful of developer accounts and vetting a few projects would greatly increase the security of the npm ecosystem of JavaScript libraries.
Article Link: https://www.zdnet.com/article/hacking-20-high-profile-dev-accounts-could-compromise-half-of-the-npm-ecosystem/#ftag=RSSbaffb68