I've always heard that using 3rd party libraries is a risk for the security of an enterprise application.
Third party libraries represent one of the biggest, and possibly most overlooked, threats to enterprise security. That’s because open source components are regularly used by enterprise application developers to speed development and avoid “re-inventing the wheel”. Third party code makes up between 30 percent and 90% of typical applications...
Quote from Third Party Libraries: the Swiss Cheese of App Security
I've always wondered if this is also the case for web development, as a lot of 3rd party dependencies are used all over the place.
And stuff like what happened with eslint-scope...
What do you think? Should we be considering more what libraries and 3rd party software we use?