Protecting your users' data (a follow-up)

The companion piece to the horror story I posted about NPM packages being used as a vehicle to steal your users’ passwords and credit card numbers has dropped.

In it, the author lays out a variety of techniques for protecting yourself and your users via changes to your website (the main one being to isolate the code you use for login or credit card submission from all other code):

How to stop me harvesting credit card numbers and passwords from your site