I feel like as someone who recently worked within helping in the aftermath of supply-chain attack. I personally recommend to instill good practices to sandbox things properly, both as a developer publishing libraries yourself and as someone who uses libraries . There are some good projects out there which can do the sandboxing for you and I am seeing a ton of explosion in this space recently something which is good to have as I had the idea of sandboxes an year or so ago and we have gotten far more options now to chose from.
I have been a bit more involved in the LiteLLM incident but I have read about the axios incident and in my research, I found this to be interesting[0] which could have helped. I feel like there are definitely ways to safeguard things which we should try out.
I don't know too much about Antivirus software so I can't speak about that but I feel like there are multiple interesting projects within this space.
My (personal opinion) is to keep the surface of exposure as low as possible. Relying solely on antivirus doesn't feel the best of scenarios and one of the things that I learnt from all of this is to keep a more active eye on security if-possible and to keep your attack surface low basically.