From time to time it's reasonable to audit dependencies for security issues and fix found issues.
Manual (local)
Use the following command to perform audit check and apply automatic fixes if possible.
yarnaudit:fix
Automated (CI)
The dependencies audit procedure should be automated by leveraging tools like Dependabot, or GitHub Actions in conjunction with Snyk and similar tools.
Code scanning
Source code should be regularly checked for vulnerabilities by leveraging GitHub Actions with tools like CodeQL and similar. See more here CodeQL Action
Shell scripts
Always inspect shell scripts before executing it on your machine.