Your team’s CI/CD pipeline on Cloud Build uses open-source JavaScript libraries from npm. The security team has flagged concerns about supply chain attacks on dependencies. You need to implement a robust, cost-effective solution to ensure that only secure packages are deployed to production. What should you do?