A heads up about risk in the software dependency chain. With more people moving to Node.js for web enablement, it's worth bearing in mind that you need to think about risk in the software supply chain, particularly risks from npm packages that you might not otherwise think about. The problem's not unique to npm; it's also present with other package management systems such as Ruby gems or pip or whatever people use with PHP. Does anyone still use PHP?
There are a couple of software services that mitigate the risk by reporting on issues in the dependency chain. GitHub and GitLab have purchased companies that do that, and Dependabot is still independent.