I've used Webpack as an example below so you get some concrete data to study:
- Code Climate
- Node Security Project - They provide a tool known as nsp that can be used to check your project against known vulnerabilities.
- NodeChecker - This tool seems to have stalled. But based on the latest results, roughly only half of all packages have some sort of tests. The real figure might be lower now that npm has grown.
- allnpmviz3d - This service provides a 3D visualization of npm. You can use it to study dependency graphs in a visual manner.
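As an added example (not part of the original post, and not code from any of the tools listed above), here is a small set of heuristic checks a consumer can run over a package's `package.json` before adopting it, in the spirit of what NodeChecker measured: does the package carry real tests, where does its source live, and how wide is its direct dependency surface. The manifests and dependency names are constructed.

```javascript
// Heuristic quality checks over a package.json manifest (added example; the
// manifests below are constructed and do not correspond to real packages).

// The placeholder test command that `npm init` writes when none is given.
const PLACEHOLDER_TEST = /no test specified/i;

// A test script counts only if it exists and is not the npm init placeholder.
function hasRealTests(manifest) {
  const test = manifest.scripts && manifest.scripts.test;
  if (typeof test !== 'string' || test.trim() === '') return false;
  return !PLACEHOLDER_TEST.test(test);
}

function countDirectDependencies(manifest) {
  return Object.keys(manifest.dependencies || {}).length;
}

// Returns a report plus the warnings a reviewer should follow up on.
function assessManifest(manifest) {
  const warnings = [];
  const report = {
    name: manifest.name,
    hasTests: hasRealTests(manifest),
    directDependencies: countDirectDependencies(manifest),
    hasRepository: Boolean(manifest.repository),
    hasLicense: typeof manifest.license === 'string' && manifest.license.length > 0,
  };
  if (!report.hasTests) warnings.push('no test script, or only the npm init placeholder');
  if (!report.hasRepository) warnings.push('no repository field: published code cannot be traced to source');
  if (!report.hasLicense) warnings.push('no license field');
  if (report.directDependencies > 20) warnings.push('large direct dependency count: wide transitive attack surface');
  return { ...report, warnings };
}

// Constructed sample manifests: one well kept, one with the placeholder only.
const wellKept = {
  name: 'sample-well-kept',
  license: 'MIT',
  repository: { type: 'git', url: 'https://example.invalid/sample/well-kept.git' },
  scripts: { test: 'mocha test/' },
  dependencies: { 'example-dep': '^1.0.0' },
};
const placeholderOnly = {
  name: 'sample-placeholder',
  scripts: { test: 'echo "Error: no test specified" && exit 1' },
  dependencies: {},
};

console.log(assessManifest(wellKept));
console.log(assessManifest(placeholderOnly));
```

Run it against a real manifest with `JSON.parse(fs.readFileSync('node_modules/<pkg>/package.json'))` to get the same report for a dependency you are considering.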
I managed to find only a single mirror. There used to be more, including an EU one. I'm not exactly sure what happened. The current situation is a little worrying at least. Now we are relying on the npm infrastructure to always work.
I feel one of the greatest challenges npm is going to face in the near future has to do with discovery and package quality. The number of packages is growing at a scary pace. I haven't done the math, but it wouldn't surprise me if it broke the limit of 300k packages during this year. It just grows faster and faster.
I hope the lists above help you to evaluate the packages you might want to use in a more objective manner. Spending some time researching can save a lot of time over the longer term. Project popularity itself isn't any guarantee of quality. It just tells you that the problem it solves is an important one. Perhaps marketing worked and the project went viral. Maybe more could be done to help the consumers of the packages.