The security of the project always used to be considered backend’s job. But there is almost the same amount of vulnerabilities present on frontend. Especially with Single Page Applications, where you often deal with sensitive data.
ESLint has got your back for many security issues. But the best way to protect yourself is to know what kind of attacks could happen. Hacksplaining.com is a great resource to learn how to perform attacks and, more importantly, how to prevent them.
If you are building a server-side rendered app, this also means that you need to take care of server security. The bare minimum is HelmetJS for Express servers.
Use amazing https://observatory.mozilla.org/