How to Protect Private npm Packages from Dependency Confusion
When downloading and using a package from any of the sources (npm, pip, etc.), you are essentially trusting its publisher to run code on your machine. So can this blind trust be exploited by malicious actors? This question gave rise to a new attack vect...
sreedeep.hashnode.dev, 2 min read