Hello, We add a check in npm packages in kexa.io .

see https://medium.com/@contact_52772/malicious-npm-packages-aut... .

For futur we can add a call to an open source api to list the ban packages. Thank you, Patrick

My strategy has been to limit my exposure to the larger NPM/Node.js ecosystem. I'll use it only in limited cases where a front-end dependency is required.