To defend against slopsquatting, proactive trust verification must occur before any dependency lands in a developer's hands.