Security concerns surrounding the NPM ecosystem have gained significant attention after the SolarWinds breach. The escalating threat to both developers and the applications they create, highlights the critical need for awareness and strategies to mitigate supply chain attacks and various security weaknesses throughout the software development process. In this talk, Leonardo will share experience and hands on strategies to secure Node.js production services.