Supply chain attacks pose a significant threat in modern software development, but managing dependencies thoughtfully, especially when using npm, can help mitigate these risks. Utilizing npm scopes is an essential strategy to secure internal packages by linking them to private registries and preventing unauthorized access or publication on public registries. This approach not only safeguards against malicious attacks but also reduces non-malicious failures, such as name collisions, that can disrupt builds. Additionally, it's crucial to ensure that internal registries do not proxy or merge package names from public registries, maintaining the integrity of internal packages. Developers should configure projects to use internal registries, treat proxied data as untrusted, and respond promptly to build failures to prevent unintended exposure to vulnerabilities. By employing these practices and tools like GitHub Packages, developers can strengthen their supply chain security, while community involvement and ongoing developments in the npm CLI roadmap promise further enhancements to secure software builds.