Modern software projects rely heavily on open-source code, and two recent incidents have shown how little control consumers really have over it: the Log4Shell vulnerability in Log4j, and the deliberate sabotage of the popular npm packages colors and faker by their own maintainer, which broke every project that picked up the corrupted releases. Both events underscore the risk of blindly trusting code from public registries, since a routine install can pull malicious or broken code into a build. Weaknesses in npm's own tooling make this worse: npm install -g ignores package-lock.json, so a global install can fetch a newer, sabotaged release even when the project has pinned a known-good version. In response, the JFrog Security Research team released open-source tools such as package_checker, npm-secure-installer, and package_issues_history to detect and block the installation of suspect npm packages and to harden the development workflow. The tools verify package integrity before installation and flag problematic updates, giving teams a proactive way to manage dependencies and reduce the chance of executing malicious code.