Came here to say just that, but you beat me to it.
A few things developers can do right now to introduce or elevate the security posture of their projects:
Incorporate a security static code analysis tool to ensure the code you're writing is safe (e.g. awesome-static-code-analysis).
Incorporate compositional analysis tools to ensure your dependencies are free of vulnerabilities (e.g. snyk, npm audit).
Enable & require MFA when publishing modules to npm.
Be cautious of dependencies that don't do any of the above and prefer a little copying over bringing in an entire dependency if the scope of the dependency is small enough.
(e.g. awesome-static-code-analysis). <- Awesome List is awesome! Thank you for the other tools as well. Very good mindset and security policies.