I was trying to find a solution to this problem for my organization and came across https://tidelift.com/. I like some of their ideas and think it's a solid path forward at chipping away at this issue.
https://libraries.io/ is a project of theirs I use quite often when vetting third-party dependencies for our organization.