alexbosworth / balanceofsatoshis

Tool for working with the balance of your satoshis on LND
MIT License

Security auditing of NPM dependencies #92

Open HenryWait opened 3 years ago

HenryWait commented 3 years ago

There are many malicious packages in NPM repositories: some are clones of existing well-known libraries, and others are the original project bought out by a party with malicious intentions. Does this project have any mitigations in place to protect my node?

NPM linting: https://www.npmjs.com/package/npm-lint

Auditing for vulnerabilities: https://docs.npmjs.com/auditing-package-dependencies-for-security-vulnerabilities

Remote access tools in NPM: https://www.zdnet.com/article/malicious-npm-packages-caught-installing-remote-access-trojans/
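The two mitigations the question points at (auditing dependencies for known vulnerabilities, and checking what actually gets installed) can be automated against the artifacts npm already produces. The following is an added example, not code from this issue thread or from the balanceofsatoshis project: it inspects a `package-lock.json` (lockfile version 3 layout) for packages that lack an `integrity` hash, resolve from somewhere other than the public registry, or declare install scripts, and it filters an `npm audit --json` report by severity. Both input documents are constructed inline for the example; the package names, URLs and `sha512-placeholder` values in them are made up.

```python
"""Supply-chain hygiene checks for an npm project.

Added example (not part of balanceofsatoshis). Reads the shape of a
package-lock.json v3 and an `npm audit --json` report; the sample documents
below are constructed for the example and are not real project data.
"""
import json

TRUSTED_REGISTRY = "https://registry.npmjs.org/"
SEVERITY_RANK = {"info": 0, "low": 1, "moderate": 2, "high": 3, "critical": 4}

# Constructed package-lock.json v3 fragment: one clean package, one package
# fetched over plain HTTP from an untrusted host with no integrity hash, and
# one package that declares an install script (npm records this as
# "hasInstallScript"). Hash values are placeholders.
SAMPLE_LOCKFILE = json.dumps({
    "name": "example-app",
    "lockfileVersion": 3,
    "packages": {
        "": {"name": "example-app", "dependencies": {"left-pad": "^1.3.0"}},
        "node_modules/left-pad": {
            "version": "1.3.0",
            "resolved": "https://registry.npmjs.org/left-pad/-/left-pad-1.3.0.tgz",
            "integrity": "sha512-placeholder",
        },
        "node_modules/evil-helper": {
            "version": "0.0.1",
            "resolved": "http://mirror.example.invalid/evil-helper-0.0.1.tgz",
        },
        "node_modules/postinstall-pkg": {
            "version": "2.0.0",
            "resolved": "https://registry.npmjs.org/postinstall-pkg/-/postinstall-pkg-2.0.0.tgz",
            "integrity": "sha512-placeholder2",
            "hasInstallScript": True,
        },
    },
})

# Constructed `npm audit --json` (auditReportVersion 2) fragment.
SAMPLE_AUDIT = json.dumps({
    "auditReportVersion": 2,
    "vulnerabilities": {
        "minimist": {"name": "minimist", "severity": "moderate",
                     "isDirect": False, "range": "<1.2.6", "fixAvailable": True},
        "node-fetch": {"name": "node-fetch", "severity": "high",
                       "isDirect": True, "range": "<2.6.7", "fixAvailable": True},
    },
    "metadata": {"vulnerabilities": {"info": 0, "low": 0, "moderate": 1,
                                     "high": 1, "critical": 0, "total": 2}},
})


def package_name(lock_path: str) -> str:
    """'node_modules/a/node_modules/@s/b' -> '@s/b' (scoped names keep their scope)."""
    return lock_path.rsplit("node_modules/", 1)[-1]


def lockfile_findings(lock_text: str) -> list:
    """Return sorted (package, issue) pairs for entries a reviewer should look at."""
    lock = json.loads(lock_text)
    findings = []
    for path, entry in lock.get("packages", {}).items():
        if path == "":  # the root project entry, not a dependency
            continue
        name = package_name(path)
        if "integrity" not in entry:
            findings.append((name, "no-integrity"))
        resolved = entry.get("resolved", "")
        if not resolved.startswith(TRUSTED_REGISTRY):
            findings.append((name, "untrusted-registry"))
        if entry.get("hasInstallScript"):
            findings.append((name, "install-script"))
    return sorted(findings)


def audit_findings(audit_text: str, min_severity: str = "high") -> list:
    """Names of advisories at or above min_severity, sorted for stable output."""
    report = json.loads(audit_text)
    threshold = SEVERITY_RANK[min_severity]
    return sorted(
        name for name, vuln in report.get("vulnerabilities", {}).items()
        if SEVERITY_RANK.get(vuln.get("severity", "info"), 0) >= threshold
    )


def main() -> None:
    for pkg, issue in lockfile_findings(SAMPLE_LOCKFILE):
        print(f"lockfile: {pkg}: {issue}")
    for name in audit_findings(SAMPLE_AUDIT, "high"):
        print(f"audit: {name} has a high-or-worse advisory")


if __name__ == "__main__":
    main()
```

To run the same checks on a real project, replace the constructed strings with the contents of the project's `package-lock.json` and the output of `npm audit --json`. The `install-script` finding is the one worth reading first: a dependency that runs code at install time is the vector the linked ZDNet article describes, and `npm ci --ignore-scripts` keeps those hooks from running while you review them.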

alexbosworth commented 3 years ago

You can use the credentials flags --nospend or --readonly to limit access to non-spending methods on the API.