I'm new to hybrid app development and web development in general. Are there common coding practices/techniques I can use to ensure that I write code which does not put the end user at risk of malicious software exploiting my app to cause harm?

How can I research the known security vulnerabilities of JS, a specific function or construct in JS, a JS framework/library? Is there a balance I should strive for between how much time I spend researching or implementing security measures in my app vs. writing actual app logic?

I would also like to avoid obfuscating my code since this affects performance and may not work well with the frameworks I want to use.

And finally, as a related question: are JS libraries found on a repository such as npm trustworthy? That is, do the people running npm/node check for the ethical (and technical) integrity of the packages offered on their platform? Or do they at least have a verification process in place?

If the answer is no, what are some standard practices that are used before developers or organizations decide on using an external library from such a platform? npm and GitHub specifically.

Thank you to all who answer!

P.S. Since I'm new to this SE site, I'm not sure what tags would be appropriate here. I've added a few, but if someone who can provide an insight feels another set of tags would be better, please feel free to edit my question.

0 Answers