npm Supply Chain Audit: The Checklist Most Teams Stop Too Early
In October 2021, the popular npm package `ua-parser-js`—used by major companies like Facebook and Google with 7 million weekly downloads—had no reported vulnerabilities and clean code, but its maintai…