Earlier this year I gave a talk at Code BEAM STO about a proposed solution to the ever more real risk of hidden malicious code in our library dependencies. You can watch the whole thing here:
UPDATE: I have since dropped active development of the Hoplon project, but I hope something like it will become reality when the tech community is ready for it :)