Hacker News

Is there a way to detect/filter dependencies that use HTTP URLs as dependency specifiers as part of an NPM install? Since you can send specific requesters different payloads, I can see how this would bypass most of the normal scanning tools.
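One way to check for this from the lockfile, as an added example that is not part of the comment above: it walks a parsed `package-lock.json` and reports dependencies declared with a URL specifier and packages whose `resolved` source is not the registry. The function names, the allowed-host list and the sample lockfile are assumptions made for illustration.

```javascript
// Added example. Assumes npm lockfileVersion 2 or 3 (a "packages" map).
// Assumption: only the public registry is trusted; add a private registry host if used.
const ALLOWED_HOSTS = new Set(["registry.npmjs.org"]);
const DEP_FIELDS = ["dependencies", "devDependencies", "optionalDependencies", "peerDependencies"];
// Specifiers npm fetches straight from a URL instead of resolving through the registry.
const URL_SPEC = /^(https?|git|git\+https?|git\+ssh):\/\//i;

// Dependencies that a lockfile entry declares with a URL specifier.
function declaredUrlDeps(path, pkg) {
  const out = [];
  for (const field of DEP_FIELDS) {
    for (const [name, spec] of Object.entries(pkg[field] || {})) {
      if (typeof spec === "string" && URL_SPEC.test(spec)) {
        out.push({ reason: "url-specifier", path: path || "(root)", name, spec });
      }
    }
  }
  return out;
}

// Where an installed package was actually fetched from, per its "resolved" field.
function resolvedSource(path, pkg) {
  if (pkg.link || typeof pkg.resolved !== "string") return [];
  const hit = (reason) => [{ reason, path, resolved: pkg.resolved, hasIntegrity: Boolean(pkg.integrity) }];
  let url;
  try { url = new URL(pkg.resolved); } catch { return hit("unparseable-resolved"); }
  if (url.protocol === "http:") return hit("plaintext-http");
  if (url.protocol !== "https:" || !ALLOWED_HOSTS.has(url.hostname)) return hit("non-registry-source");
  return [];
}

// Audit a parsed package-lock.json object; returns a list of findings.
function auditLockfile(lock) {
  const findings = [];
  for (const [path, pkg] of Object.entries(lock.packages || {})) {
    findings.push(...declaredUrlDeps(path, pkg), ...resolvedSource(path, pkg));
  }
  return findings;
}

// Constructed sample lockfile (hosts and package names are made up).
const SAMPLE_LOCK = { lockfileVersion: 3, packages: {
  "": { dependencies: { "left-pad": "^1.3.0", "helper": "http://pkgs.example.test/helper-1.0.0.tgz" } },
  "node_modules/left-pad": { version: "1.3.0", integrity: "sha512-CONSTRUCTED",
    resolved: "https://registry.npmjs.org/left-pad/-/left-pad-1.3.0.tgz" },
  "node_modules/helper": { version: "1.0.0", resolved: "http://pkgs.example.test/helper-1.0.0.tgz",
    dependencies: { "inner": "https://pkgs.example.test/inner.tgz" } },
  "node_modules/inner": { version: "2.0.0", resolved: "https://pkgs.example.test/inner.tgz" },
} };
console.log(auditLockfile(SAMPLE_LOCK));
```

In CI, pass it the result of `JSON.parse` on the project's `package-lock.json` and fail the build on any finding. Findings with `hasIntegrity: false` have no recorded hash to compare the fetched tarball against.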

