Hacker News

We may need permissions for our dependencies (cf. Android apps). Ryan Dahl already did this with Deno, specifically because he saw weaknesses in Node: network, environment variables, file system, sub-processes.

We may need reproducible builds and reproducible minification. If we want developers to audit their own dependencies, in case we deem that practical, packages cannot ship their own minified sources. Auditing the non-minified source is hard enough.

We may need (for-profit) organizations that audit packages and award their official seal which you can trust before you add or update a dependency.

We may need better standard libraries and fewer micro-packages.



