* https://www.whitesourcesoftware.com/resources/blog/npm-packa...
* https://medium.com/@alex.birsan/dependency-confusion-4a5d60f...
* https://blog.sonatype.com/npm-project-used-by-millions-hijac...
* https://checkmarx.com/blog/attackers-write-bugs-as-well/

When was the last time you audited all of the libraries a SPA depended on? If it was during the last build, congrats, you're doing great.
Lots of times it isn't automated and can be neglected, though.