Open source helps developers build faster. But who’s making sure these open source dependencies (sometimes years out of development) stay secure? In a recent npm security research activity, Snyk uncovered a total of 8 npm packages which matched a specific malicious code vector of attack. This specific attack vector of the malicious packages included packages which had pre/post install scripts, which allowed them to run arbitrary commands when installed.
It’s easy to get lost with dozens of plugins and frameworks when starting a new project that requires basic authentication and authorization capabilities. It doesn’t have to be that way. In this article, we’re going to explore two valuable Node.js packages — Passport and CASL — that can help you boost the security of your application by providing both authentication and authorization functionality.
Koabamm! We now monitor Koa. This Node.js framework enables you to use cascading middleware, which can now also be shown in AppSignal. Let’s dive right in!
Writing secure code in a way that prevents code injection might seem like an ordinary task, but there are many pitfalls along the way. For example, the fact that you (a developer) follow best security practices doesn’t mean that others are doing the same. You’re likely using open source packages in your application. How do you know if those were developed securely? What if insecure code like eval() exists there? Let’s dive into it.
NodeSource is excited to announce its latest NodeSource Certified Modules - NCM - release. NCM, provides developers and software teams with actionable insights into the risk levels that are present in your use of third-party packages. This release includes updates to avoid npm substitution attacks and also a GitHub Integration: Code risk, compliance and security action for PRs on Node.js.
The database is an essential part of a web application. It’s where you receive and store users’ data, which you can then use to provide personalized services. As such, database security is an important part of every web application to ensure the safety and integrity of data collected from users. In this post, we’ll be looking at SQL database vulnerabilities in Node.js, like SQL injection, and how to prevent them.
NodeSource is very excited to announce the addition of Worker Threads support in N|Solid, it’s an amazing new feature for our customers on their journey with Node.js. Worker Threads are a very powerful feature in Node.js that allows developers to build more complex and robust applications.
Regardless of the tech stack used, many developers have already used Redis or, at least, heard of it. Redis is specifically known for providing distributed caching mechanisms for cluster-based applications. While this is true, it’s not its only purpose. Redis is a powerful and versatile in-memory database. Powerful because it is incredibly super fast. Versatile because it can handle caching, database-like features, session management, real-time analytics, event streaming, etc.