Be careful with the dependencies you include in your project. Examples like this:
https://blog.npmjs.org/post/173526807575/reported-malicious-module-getcookies
keep showing up. Using an automated tool to continuously check them might be a good strategy (an old post of mine listing some examples: https://blog.ovalerio.net/archives/1296).
@seanl indeed
@dethos Or far more common, libraries with security holes you can drive a truck through, like squel's (still not fixed afaik) failure to properly quote apostrophes under certain circumstances.