Following the npm hack, I think this is an attack vector that will get more popular in the short term. What tools beside npm audit and dependabot, do you use to monitor for dependency security vulnerabilities?