Are Web Components & Cybersecurity A Better Combo?

I'm not trying to dunk on popular #UI #frameworks – I'm sure they're totally fine for #cybersecurity stuff, probably get loads of reviews and #audits.

But from my angle: Web Components are *native* to the #browser. Doesn't that just inherently reduce the risk of **#SupplyChainAttacks** (you know, like a rogue `npm install` on a bad network) for your #AppSecurity?

Or am I overthinking it, and the #framework choice is less important than the #browser, #OS, or #device running it? What are your thoughts, #DevCommunity?

---

Quick context: I've got a #ReactJS #messagingApp (repo here: https://github.com/positive-intentions/chat) and a separate #UIFramework (repo here: https://github.com/positive-intentions/dim) built with #Lit (which uses Web Components). I'm genuinely wondering if there's a compelling #cybersecurity reason to refactor the chat app to use my #WebComponent UI framework. Might be a whole new level of #SecurityByDesign for #FrontEndDev.

FYI, same question's on Reddit here: https://www.reddit.com/r/ExperiencedDevs/comments/1lmk1rg/are_web_components_better_for_cybersecurity/, got some good #insights, but want to make sure nothing's getting overlooked! Let's discuss #InfoSec #WebDev #JavaScript #OpenSource #TechQuestion.

thanks to a discussion on reddit [1] and some links [2] I came across a different view on #webcomponents.
In short, just wrap content in a #webcomponent instead of trying to "upgrade" it. Like so:

<user-avatar>
<img src>
</user-avatar>

I always thought until now that it should rather be

<img src is=user-avatar>

but `is` is not widely usable.
I still need to digest it. I see the use cases, but somehow feels still strange

[1] https://www.reddit.com/r/HTML/comments/1ldt5s4/spaish_upgrading_the_details_element/
[2] https://adactio.com/journal/20618

#Development #Approaches
Glossary web component · A slick way to add links and context to your content https://ilo.im/163pvz

_____
#Glossary #Content #Markdown #JSON #Popover #WebComponent #WebDev #Frontend #HTML #JavaScript

The other day I mentioned I might have accidentally written a web component framework powered by @vite Here I've written about said framework - https://mastodon.gamedev.place/@teskooano/114432752411496927

#webComponent #JavaScript #framework #webComponents #vite

Version 0.2.0 of #teskooano is out!

Read about the release and the new #webComponent #JavaScript #framework I've written - now live on the site!

Also see the roadmap for upcoming plans

https://teskooano.space/plan/00002/

#gamedev #webDev #indieDev #ui #typescript