A modern web application is bundled with tons of open-source dependencies. Developers are usually unaware of the number of open-source packages that's running under their package's hood. If you've ever wondered why your node_modules were so large, well that's why!
Contrary to popular belief, open-source components and dependencies are not more secure than their proprietary counterpart. Sure, there's a fleet of developers who volunteer to maintain certain repositories and that's great! However, the mere fact that lots of people use something doesn't make it more secure.
Add to this the issues around obsolete and abandoned packages. They're still popular amongst developers, but no longer maintained by anyone. In certain other cases, the developers are at fault by not prioritizing security updates. It becomes clear that protecting an organization's applications on a daily basis has now become a crucial necessity for survival in the market.
As you might already know, layered security is imperative and crucial. No one layer or program can withstand the numerous attacks from the unknowns of the dark web. Therefore, once organizations follow some of these best practices, they should be empowered to implement a robust strategy for a secure environment around their business-critical applications.