Most major browsers, including Edge and Chrome, do this and are really good at it.

> closely monitor your deps for vulnerabilities and ship patches as quickly as possible

Most major browsers do this too, and they have well-established update pipelines that can patch vulnerabilities in short order.

> choose deps with a better security track record, when possible

Most major browsers do this (e.g., "boringssl").

> independently scan, test, and validate the deps you bring in

Most major browsers do this as part of QA and vulnerability scanning.

> things you can do in an Electron app:
> * pray

* leverage all of the work that thousands at Microsoft, Google, Mozilla, etc., put into deploying what I suspect are the most heavily-attacked, heavily-scrutinized, and heavily-audited software platforms in existence.

Not that I'm specifically advocating web apps over native apps, but I don't think your list does a good job outlining their advantages.
That's likely to get fixed quickly, and I can just apt-get upgrade. With Electron we have to wait for Google to fix it in Chrome, wait for Electron to update the Chrome version or backport the patch, wait for the app developer to update their version of Electron and then update it on your machine.