Ask HN: How can I make NPM more secure?

IIRC a system-deleting bug made its way into a popular NPM package months ago, and I've also heard it's trivial to add rogue dependencies deep in the tree. How can I protect myself against things like this while using NPM?