Ensure the integrity of packages you download from the public npm registry, or any registry that supports signatures, by verifying the registry signatures of downloaded packages using the following npm CLI command:
npm audit signatures
The CLI will error if some packages have missing or invalid signatures. This could indicate that those packages might have been tampered with.
Read more about this feature from our documentation: about registry signatures.