Introduction to security practices: Running Node.js as a non-root user & vulnerability inspection

Root user: The account that can do everything on that server. Basically, god mode.

If you use a container, you are probably running Node.js as the root user. The problem is that if a hacker gets hold of your Node.js server while it runs as root, they will have access to everything, which can have catastrophic consequences. (An easy example: imagine a hacker sending your credit card information to themselves. I guess you wouldn't be happy :) )

Solution: The official Node.js Docker image defines a user named node with limited privileges. Use that.

Vulnerability inspection: In a larger project, you need to be able to check whether the packages you depend on are safe and up to date. In Node, you can do this with the npm audit command.
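Both checks above as an added JavaScript example (not code from the original post): a startup guard that refuses to run as root, and a filter over the JSON printed by npm audit --json. The function names and the sample report are constructed for illustration, and the report shape assumes npm 7 or later.

```javascript
// Added example: function names and SAMPLE_REPORT are constructed, not from the post.
const SEVERITY_ORDER = ["info", "low", "moderate", "high", "critical"];

// True when the process has effective UID 0 (root).
// process.geteuid is undefined on Windows, which is treated as "not root".
function isRoot(geteuid = process.geteuid) {
  return typeof geteuid === "function" && geteuid.call(process) === 0;
}

// Call before opening sockets or reading secrets: refuse to start as root.
function assertNotRoot(geteuid = process.geteuid) {
  if (isRoot(geteuid)) {
    throw new Error("Refusing to run as root; start the container as the node user");
  }
}

// Return the packages in an npm audit report (auditReportVersion 2) whose
// severity is at or above minSeverity, most severe first.
function blockingVulnerabilities(report, minSeverity = "high") {
  const floor = SEVERITY_ORDER.indexOf(minSeverity);
  if (floor === -1) throw new RangeError(`unknown severity: ${minSeverity}`);
  const rank = (v) => SEVERITY_ORDER.indexOf(v.severity);
  return Object.values(report.vulnerabilities || {})
    .filter((v) => rank(v) >= floor)
    .sort((a, b) => rank(b) - rank(a))
    .map((v) => ({
      name: v.name,
      severity: v.severity,
      range: v.range,
      // fixAvailable is either a boolean or an object describing the fix.
      fixAvailable: Boolean(v.fixAvailable),
    }));
}

// Constructed sample in the shape printed by `npm audit --json`.
const SAMPLE_REPORT = {
  auditReportVersion: 2,
  vulnerabilities: {
    "example-parser": { name: "example-parser", severity: "moderate", range: "<2.1.0", fixAvailable: true },
    "example-template": { name: "example-template", severity: "critical", range: "<=4.0.2", fixAvailable: false },
    "example-http": { name: "example-http", severity: "high", range: "1.0.0 - 1.4.3", fixAvailable: true },
  },
};

console.log("running as root:", isRoot());
for (const v of blockingVulnerabilities(SAMPLE_REPORT)) {
  console.log(`${v.severity.toUpperCase()} ${v.name} ${v.range} fix available: ${v.fixAvailable}`);
}
```

From the command line, npm audit --audit-level=high gives the same pass/fail gate through its exit code; the filter is for when you want the list inside your own tooling.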

Headline image by eilisgarvey on Unsplash
