Framework axios pushed a broken update, crippling thousands of websites
How did this happen?
Some developers and companies blindly update their packages and deploy straight to production. Hobbyists using a CDN often do the same by pointing their script tag at the latest version.
How should we prevent this from happening and secure our application even more?
We should pin our script tags to the specific version we need, no more, no less. Code is easy to break, so every change should be double-checked. If you'd rather have the latest update, deploy your code to a test environment before pushing it to production; this can be done with a testing stage in your CI/CD pipeline.
The same applies to compromised or broken dependencies in your project. This is a lesson for all developers.
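One way to enforce the pinning advice above in the CI testing stage, as an added example that is not part of the original post: a small Node.js script that scans an HTML document for `<script src="...">` tags served from a CDN and reports any that are not pinned to an exact release (no version at all, `@latest`, or a range such as `^1.6.0`). It also reports whether a pinned tag carries an `integrity` attribute (Subresource Integrity), since a pinned URL alone still trusts the CDN to serve the right bytes. The URL shapes it understands (unpkg and jsDelivr `package@version` path segments, cdnjs `/ajax/libs/name/version/`) and the sample HTML are assumptions constructed for this example; the `integrity` value in the sample is a placeholder, not a real hash.

```javascript
// Added example (not from the original post): CI gate that rejects unpinned CDN script tags.
// Assumes Node.js (for the global URL class); no third-party packages required.

// Match every <script ...src="..."...> tag; [^>]* also spans newlines inside a tag.
const SCRIPT_TAG_RE = /<script\b[^>]*\bsrc\s*=\s*["']([^"']+)["'][^>]*>/gi;

// An exact release: 1.2.3, optionally with a pre-release or build suffix.
// Ranges (^, ~, x, *) and the word "latest" do not match and are treated as unpinned.
const EXACT_VERSION_RE = /^\d+\.\d+\.\d+(?:[-+][0-9A-Za-z.-]+)?$/;

// Return the version segment of a CDN URL, '' when the URL carries no version,
// or null when the host is not one of the CDNs this check understands.
function extractVersion(src) {
  let u;
  try { u = new URL(src); } catch { return null; } // relative/local paths are not judged here
  const path = u.pathname;
  if (u.hostname === 'unpkg.com' || u.hostname === 'cdn.jsdelivr.net') {
    // unpkg.com/axios@1.6.0/...  cdn.jsdelivr.net/npm/axios@1.6.0/...  (scoped: /npm/@org/pkg@1.0.0/...)
    const m = path.match(/\/(?:npm\/)?(?:@[^/@]+\/)?[^/@]+@([^/]+)/);
    return m ? m[1] : '';
  }
  if (u.hostname === 'cdnjs.cloudflare.com') {
    // cdnjs.cloudflare.com/ajax/libs/axios/1.6.0/axios.min.js
    const m = path.match(/^\/ajax\/libs\/[^/]+\/([^/]+)\//);
    return m ? m[1] : '';
  }
  return null;
}

// Classify one script tag: pinned, unpinned (with a reason), or not-checked.
function classifyScriptTag(tag, src) {
  const sri = /\bintegrity\s*=/i.test(tag);
  const version = extractVersion(src);
  if (version === null) return { src, status: 'not-checked', sri };
  if (version === '') return { src, status: 'unpinned', reason: 'no version in URL', sri };
  if (!EXACT_VERSION_RE.test(version)) {
    return { src, status: 'unpinned', reason: `version "${version}" is not an exact release`, sri };
  }
  return { src, status: 'pinned', version, sri };
}

// Audit every script tag in an HTML document.
function auditScriptTags(html) {
  return Array.from(html.matchAll(SCRIPT_TAG_RE), (m) => classifyScriptTag(m[0], m[1]));
}

// CI gate: true only when no CDN script tag is unpinned.
function ciGate(html) {
  return auditScriptTags(html).every((r) => r.status !== 'unpinned');
}

// Constructed sample page: two unpinned tags, two pinned (one with SRI), one local script.
const SAMPLE_HTML = `
<!doctype html><html><head>
<script src="https://unpkg.com/axios/dist/axios.min.js"></script>
<script src="https://cdn.jsdelivr.net/npm/axios@latest/dist/axios.min.js"></script>
<script src="https://cdn.jsdelivr.net/npm/axios@1.6.0/dist/axios.min.js"
        integrity="sha384-PLACEHOLDER_HASH" crossorigin="anonymous"></script>
<script src="https://cdnjs.cloudflare.com/ajax/libs/axios/1.6.0/axios.min.js"></script>
<script src="/static/app.js"></script>
</head><body></body></html>`;

for (const r of auditScriptTags(SAMPLE_HTML)) {
  const note = r.status === 'unpinned' ? ` (${r.reason})` : r.status === 'pinned' && !r.sri ? ' (no integrity attribute)' : '';
  console.log(`${r.status.padEnd(11)} ${r.src}${note}`);
}
console.log(ciGate(SAMPLE_HTML) ? 'PASS: all CDN scripts pinned' : 'FAIL: unpinned CDN script tags found');
```

Run it as a step of the CI testing stage against the built HTML and fail the build when `ciGate` returns false; the same idea applies to package manifests, where an exact version plus a committed lockfile plays the role of the pinned script tag.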
Sources: