There are going to be vulnerabilities; it is a part of life. But if you follow a few general tips, you can mitigate the problems and keep things secure.
Reduce the number of front-end libraries you use. Obviously the fewer you use, the fewer can be vulnerable.
Reduce your code footprint with smaller libraries and only what you absolutely need. Do you have a library that just sorts a list? Could you sort it with some other library you also have installed? Do you really need the sort? Less code is less code that can be exploited. Can you reduce their dependencies? Can one library that uses 100 dependencies be replaced with another that does the same thing with only 10?
Go with active libraries that are being constantly reviewed and worked on. Then keep them up to date with a regular update cycle.
Apply these three tips and you have less code to exploit, a community helping you reduce discovered exploits, and a regular cycle of making sure to patch what you have.
But like I said, vulnerabilities are a way of life for software development. Front-end JS libraries are notorious for these as well. All you can do is reduce the attack vector and stay patched up.
Also, remember that not all vulnerabilities are created equal. There was a thread a while ago where the OP was worried by a vulnerability in a library he was using, but ultimately this turned out to be a non-issue because of how and where he was using it. See here for details:
I tend to worry less about vulnerabilities in front-end code than back-end code, as the potential for damage is usually not as great.
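Two of the points above (the first post's "can one library with 100 dependencies be replaced with one that has 10?" and the second post's "it depends on how and where you use it") can both be checked mechanically from a project's package-lock.json. The script below is an added example, not code from any poster; it works on a constructed, invented lockfileVersion 2/3 "packages" map (the package names, versions and the LOCK object are assumptions), counts the transitive footprint of each production dependency, and reports which direct dependencies actually pull in a given package, so a dev-only or unreachable package can be told apart from one that ships to the browser.

```javascript
// Added example: measure dependency footprint and reachability from a
// package-lock.json (lockfileVersion 2 or 3) "packages" map.
// LOCK below is a constructed, invented sample, not a real lock file.
const LOCK = {
  lockfileVersion: 3,
  packages: {
    "": {
      dependencies: { "big-ui": "^1.0.0", "tiny-sort": "^2.0.0" },
      devDependencies: { "bundler": "^5.0.0" },
    },
    "node_modules/big-ui": {
      version: "1.0.0",
      dependencies: { "dom-utils": "^3.0.0", "fetch-polyfill": "^1.2.0", "sorting-kit": "^0.9.0" },
    },
    "node_modules/dom-utils": { version: "3.1.0", dependencies: { "is-node": "^1.0.0" } },
    "node_modules/fetch-polyfill": { version: "1.2.3", dependencies: { "is-node": "^1.0.0" } },
    "node_modules/is-node": { version: "1.0.0" },
    "node_modules/sorting-kit": { version: "0.9.2", dependencies: { "is-node": "^0.5.0" } },
    // Nested copy: sorting-kit wants an older major, so npm installs it locally.
    "node_modules/sorting-kit/node_modules/is-node": { version: "0.5.1" },
    "node_modules/tiny-sort": { version: "2.0.0" },
    "node_modules/bundler": { version: "5.0.0", dev: true, dependencies: { "is-node": "^1.0.0" } },
  },
};

// npm resolution rule: look for node_modules/<name> under the requiring
// package, then walk up one node_modules level at a time to the root.
function resolvePath(lock, fromPath, name) {
  let base = fromPath;
  for (;;) {
    const candidate = base === "" ? `node_modules/${name}` : `${base}/node_modules/${name}`;
    if (lock.packages[candidate]) return candidate;
    if (base === "") return null;
    const idx = base.lastIndexOf("/node_modules/");
    base = idx === -1 ? "" : base.slice(0, idx);
  }
}

// All lock-file paths reachable from rootPath (excluding rootPath itself).
function transitiveClosure(lock, rootPath) {
  const seen = new Set();
  const stack = [rootPath];
  while (stack.length) {
    const p = stack.pop();
    const deps = (lock.packages[p] && lock.packages[p].dependencies) || {};
    for (const name of Object.keys(deps)) {
      const r = resolvePath(lock, p, name);
      if (r && !seen.has(r)) { seen.add(r); stack.push(r); }
    }
  }
  return seen;
}

// Footprint of each production (non-dev) direct dependency: number of
// installed packages it drags in. Compare candidates with this number.
function footprint(lock) {
  const root = lock.packages[""];
  const out = {};
  for (const name of Object.keys(root.dependencies || {})) {
    const p = resolvePath(lock, "", name);
    out[name] = p ? transitiveClosure(lock, p).size : null;
  }
  return out;
}

function pathIsPackage(path, pkgName) {
  return path === `node_modules/${pkgName}` || path.endsWith(`/node_modules/${pkgName}`);
}

// Which production direct dependencies reach any installed copy of pkgName?
function whoPullsIn(lock, pkgName) {
  const root = lock.packages[""];
  const result = [];
  for (const name of Object.keys(root.dependencies || {})) {
    const p = resolvePath(lock, "", name);
    if (!p) continue;
    if (name === pkgName || [...transitiveClosure(lock, p)].some((q) => pathIsPackage(q, pkgName))) {
      result.push(name);
    }
  }
  return result.sort();
}

// Installed, but not reachable from any production dependency (e.g. only via
// devDependencies): an advisory for it does not affect what you ship.
function isDevOnly(lock, pkgName) {
  const installed = Object.keys(lock.packages).some((p) => pathIsPackage(p, pkgName));
  return installed && whoPullsIn(lock, pkgName).length === 0;
}

console.log("footprint:", footprint(LOCK));
console.log("who pulls in is-node:", whoPullsIn(LOCK, "is-node"));
console.log("bundler is dev-only:", isDevOnly(LOCK, "bundler"));
```

To run it against a real project, replace LOCK with `JSON.parse(require("fs").readFileSync("package-lock.json", "utf8"))`; the "packages" map with root entry `""` and nested `node_modules/` paths is the shape npm writes for lockfileVersion 2 and 3. The footprint number is the one to compare when deciding between two libraries, and isDevOnly is the first question to ask about an audit finding before worrying about it.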
Could you maybe post the results of the audit. I’d be interested to have a look. I guess you did this with npm or yarn, right?
Thanks for your reply. How can I know which libraries are active? Actually, I am not an expert in coding. Could you kindly review the https://mp3mad.site and check the vulnerabilities that should cause the error in the front end?
Nah. That’s like saying I never write any code with bugs. Personally speaking, my code is full of them. I take your point that there is no need to install libraries for every small piece of functionality you require, but a lot of the more popular packages out there are battle tested, cover many edge cases which most devs wouldn’t consider and do receive security updates.
Well you posted about 12 vulnerabilities being detected. Where did you get that information?
That’s what I want to say in a slightly sharp way. I hate the new mentality of programming, which is more or less a click and run of existing code. Vulnerabilities can only occur at two stages of your software:
save data (file, database etc)
accessing the network
So in a perfect world, I am the master of these two points and control every single byte which is used there. As I can’t do this in the real world, I should use as few libraries as possible that use these functions. But many libraries need to connect to the network even for totally silly things.