"Supply Chain" security for developers

With recent widespread attacks on the open source community, I thought I would share some additional security tooling that is free, easy to use and will help Node.js, Python, etc. developers against supply chain attacks.

In other words, prevent your software update from accidentally and unknowingly incorporating malware from dependencies.

The security vendor "Socket" (not to be confused with Socket.IO) already provides some tools that will check your PRs for supply chain issues, or that you can run on the command line when using npm.

But now they have provided a further tool that prevents compromised dependencies from even reaching your computer, and that will work with other library management tools, including those for Python and Rust.

I strongly encourage all developers to adopt these tools and others that help protect everyone from the rapidly increasing global malware war that is now taking place.
