How do we improve security in the npm ecosystem?

For those who haven't seen this trending elsewhere, a popular npm library executed malicious code on victims' computers. To summarize the thread (though it is worth a read) the maintainer of the library gave control to an unknown individual who claimed they wanted to maintain it.