We can use JavaScript to improve your web pages and increase your users' experiences within your site; it also has some limits. Some of these restrictions are due to the script running in the browser, which means it can't connect to the server, while others are due to security measures to prevent web pages from interfering with your machine. There is no way to get around these limits, and anybody who claims to be able to execute any of the above activities using JavaScript hasn't examined all of the variables.
JavaScript cannot write to server files without the assistance of a server-side script
JavaScript can submit a request to the server using Ajax. This query can read XML or text files, but it cannot commit to them unless the server's request is a script that writes the file for you.
You can't use JavaScript to manage databases unless you utilize Ajax and a server-side script to do the work for you.
JavaScript is unable to read or write to files in the client
Although JavaScript executes on the client computer (where the web page gets displayed), it is not permitted to access anything outside of the web page itself. This behavior happens for security reasons; otherwise, a web page would be able to update your computer to install whatever they want. The only exception to this rule is files called cookies which are tiny text files that JavaScript can write to and read from quickly. The browser restricts access to cookies so that a given web page can only access cookies created by the same site.
JavaScript could not close a window if it didn't open it. Again this is for security reasons.
JavaScript cannot access web content (code and pages) hosted on a different domain
Although JavaScript is executing on the client machine, it is not permitted to access anything other than the web page. This behavior happens for user security, as a web page may otherwise update your computer and install whatever it wants. The only exceptions are cookies or tiny text files that JavaScript may quickly write to and read from. The browser controls cookie access so that a specific web page can access only cookies generated by the same website.
JavaScript is unable to protect your page's source code or images
Any images (jpg, png, .webp) on your web page are downloaded individually to the machine displaying the web page, ensuring that the person viewing the website already has a copy of all of the images. We can say the same for the web page's HTML source code, and the web page must be able to decrypt any encrypted internet page before it can be displayed. Any images (jpg, png, .webp) on your web page are downloaded individually to the machine showing the web page, ensuring that the person viewing the website already has a copy of all of the images. You can say the same for the web page's HTML source code, and a web page must be able to decrypt any encrypted internet page to show it.
Source: Chapman, Stephen. "What Javascript Cannot Do." ThoughtCo, Aug. 27, 2020, thoughtco.com/what-javascript-cannot-do-2037666.