Are there any guidelines or best practices on how to audit/review dependencies, and especially dependencies of dependencies?
I've just watched "Analysis of an Exploited NPM Package || Jarrod Overson" (YouTube). It's a quick presentation that made me think about whether, and how, it is relevant to Rust and cargo/crates.io, since both cargo and npm share the same/similar dependency versioning scheme and capabilities.
If you're asking how to audit dependencies for security vulnerabilities, you may want to have a look at cargo-audit. If not, then please clarify what you mean by audit/review dependencies, since not everyone wants to watch the whole presentation for that matter.
You may be interested in cargo-review-deps, a project from Ferrous Systems that helps you to review changes in your dependencies when you run cargo update.
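As an added example (not code from this thread, and not how cargo-review-deps itself is implemented), here is the manual version of what that answer describes: parse the Cargo.lock from before and after `cargo update` and list every crate a reviewer has to look at. Because Cargo.lock records every crate in the graph, this also covers the dependencies of dependencies the question asks about. Assumptions: the v2/v3 lockfile layout with inline `checksum` fields, entries keyed by crate name, and two constructed sample lockfiles embedded inline in place of real project data.

```rust
use std::collections::BTreeMap;

/// Fields of one `[[package]]` table in Cargo.lock that matter when reviewing an update.
#[derive(Debug, Clone, Default, PartialEq, Eq)]
pub struct LockedPackage {
    pub version: String,
    pub source: Option<String>,   // None for path/workspace crates
    pub checksum: Option<String>, // None for path/workspace crates
}

/// What changed for one crate between two lockfiles.
#[derive(Debug, PartialEq, Eq)]
pub enum Change {
    Added { name: String, version: String },
    Removed { name: String, version: String },
    Updated { name: String, from: String, to: String },
    /// Same version, different checksum or source: the bytes cargo compiles changed with no version bump.
    ContentChanged { name: String, version: String },
}

/// Line-oriented parser for the Cargo.lock v2/v3 layout (assumes one `key = "value"` per line,
/// as cargo writes it). Keyed by crate name, so two versions of one crate collapse to the last seen.
pub fn parse_lock(text: &str) -> BTreeMap<String, LockedPackage> {
    let mut pkgs: BTreeMap<String, LockedPackage> = BTreeMap::new();
    let mut cur: Option<(String, LockedPackage)> = None;
    for line in text.lines().map(str::trim) {
        if line == "[[package]]" {
            pkgs.extend(cur.replace(Default::default())); // store the previous entry, start a new one
        } else if let (Some((name, p)), Some((key, val))) = (cur.as_mut(), line.split_once(" = ")) {
            let val = val.trim_matches('"').to_string();
            match key {
                "name" => *name = val,
                "version" => p.version = val,
                "source" => p.source = Some(val),
                "checksum" => p.checksum = Some(val),
                _ => {} // `dependencies = [` and its continuation lines are not needed here
            }
        }
    }
    pkgs.extend(cur);
    pkgs
}

/// Everything a reviewer has to look at after `cargo update`. Cargo.lock lists every crate in
/// the graph, so transitive dependencies show up here exactly like direct ones.
pub fn diff_locks(old: &BTreeMap<String, LockedPackage>, new: &BTreeMap<String, LockedPackage>) -> Vec<Change> {
    let mut changes = Vec::new();
    for (name, np) in new {
        match old.get(name) {
            None => changes.push(Change::Added { name: name.clone(), version: np.version.clone() }),
            Some(op) if op.version != np.version => changes.push(Change::Updated {
                name: name.clone(), from: op.version.clone(), to: np.version.clone(),
            }),
            Some(op) if op.checksum != np.checksum || op.source != np.source => changes
                .push(Change::ContentChanged { name: name.clone(), version: np.version.clone() }),
            Some(_) => {}
        }
    }
    for (name, op) in old.iter().filter(|(n, _)| !new.contains_key(*n)) {
        changes.push(Change::Removed { name: name.clone(), version: op.version.clone() });
    }
    changes
}

/// Constructed sample lockfile (not real project data); `app` is the local path crate.
pub const OLD_LOCK: &str = r#"version = 3
[[package]]
name = "app"
version = "0.1.0"
dependencies = [
 "libc",
 "serde",
]
[[package]]
name = "libc"
version = "0.2.60"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "b1"
[[package]]
name = "serde"
version = "1.0.100"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "c1"
"#;

/// Constructed "after" lockfile: serde bumped, libc's checksum changed at the same version,
/// and smallvec pulled in as a new transitive dependency.
pub fn new_lock() -> String {
    OLD_LOCK.replace("1.0.100", "1.0.101").replace("\"b1\"", "\"b2\"")
        + "[[package]]\nname = \"smallvec\"\nversion = \"1.4.0\"\n"
        + "source = \"registry+https://github.com/rust-lang/crates.io-index\"\nchecksum = \"d1\"\n"
}

fn main() {
    println!("{:#?}", diff_locks(&parse_lock(OLD_LOCK), &parse_lock(&new_lock())));
}
```

To run it on a real project, read the two lockfiles with `std::fs::read_to_string` before and after the update and pass them to `parse_lock`. The `ContentChanged` case is the one worth a pause: a changed checksum at an unchanged version means the code cargo will compile is not the code that was reviewed before, which a version-only comparison would never show.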