Good point actually. Backend agent + Frontend agent... and of course a background agent consistently checking npm libraries for vuln disclosures :D