Understand how to avoid using vulnerable components
Vulnerable Components
Modern software development is more and more becoming about glueing programmes together using 3rd-party libaries and tools. However, an application which relies on a vulnerable library may itself be vulnerable as a consequence.
Avoiding Vulnerable Components
Remove unnecessary libaries and components from your codebase/platform
Regularly scan your dependencies (using a tool like Snyk) to check for anything vulnerabilities that need addressing
Keep software (operating systems, runtimes, libaries etc.) up-to-date with the latest patches
Assignment
There are many tools which exist to help you identify vulnerable components within your application. A popular one is Snyk.
Follow the instructions on their website to test a local Node project.
If you get an error like "running scripts is disabled on this system" you may need to preface the commands with npx like
npx snyk auth
Snyk will output a report on your project as a webpage.