Translating my experience securing NPM for enterprise into some usable tips for the individual developer