If in doubt you could also scan your repository, for example using GitHub - Cobenian/shai-hulud-detect: A simple project to detect the Shai-Hulud npm supply chain attack. Package / vulnerability scanners liky trivy or snyk might also provide alerts when vulnerable packages will be used.
In the other thread (Is Vaadin build affected by attacks on npm packages? - #4 by manolo1) Vaadin team shared that their scanning did not identify any affected packages.