Well first by communicating with NPM which could take an extraordinary action to break builds in the case where this is the least bad actions or by doing something logical and providing developers or company contacts to register to receive warnings ideally based on parsing actual dep versions and transmitting a message directly to the designated contact for a project.