How do you mitigate Node.js supply chain risks?

Quick Answer Supply chain risks: malicious npm packages, typosquatting (attacking-express vs express), dependency confusion attacks. Mitigate with: lockfiles (package-lock.json), npm audit regularly, use npm audit signatures and provenance, pin exact versions for critical deps, use private registries for internal packages, and review dependencies with socket.dev or Snyk.