I don't know how I could update node.js packages automatically, but safely at the same time.
I mean, npm update automatically installs the latest version of packages, which is convenient, but what if a developer of a package decides to hide some harmful/data-stealing/etc. code inside the latest version? AFAIK there is no approval process for npm packages.
Avoiding sudo on Linux and Mac, and not using admin account on Windows does not seem to solve the problem. On one hand, there are special cases when the app does need root/admin rights, and on the other hand, there is no need to have elevated rights to do harm.
Do you regularly check the source code of the new versions of packages used by your node.js backed website, from a security point of view? If not, why not? If yes, then what is your procedure? How do you stop potentially dangerous modifications leak into production code?
With the convenience of npm comes not knowing what is going on inside the modules you are currently installing. There is nothing that does what you describe automatically. If you are concerned about potential threats in modules you install, find the source, study it and then compile it yourself.