Snyk uncovers malicious code activities in open source supply chain security on the npm registry

Open source helps developers build faster. But who’s making sure these open source dependencies (sometimes years out of active development) stay secure? In a recent npm security research activity, Snyk uncovered a total of 8 npm packages that matched a specific malicious attack vector: the packages carried pre/post install scripts, which allowed them to run arbitrary commands when installed.


Node.js's Underrated Combo: Passport and CASL

It’s easy to get lost with dozens of plugins and frameworks when starting a new project that requires basic authentication and authorization capabilities. It doesn’t have to be that way. In this article, we’re going to explore two valuable Node.js packages — Passport and CASL — that can help you boost the security of your application by providing both authentication and authorization functionality.


Node.js Server Monitoring: A How to Guide

Node.js is one of the most popular JavaScript frameworks in 2021. With the increasing demand for Node.js comes the crucial next step of Node.js server monitoring. The best way to monitor your Node.js server is with an Application Performance Monitoring (APM) tool. Keep in mind that Node.js server monitoring is a bit of a tricky task, and there are particular challenges you should be aware of. But don’t worry, because this how-to guide will walk you through it step by step.


5 ways to prevent code injection in JavaScript and Node.js

Writing secure code in a way that prevents code injection might seem like an ordinary task, but there are many pitfalls along the way. For example, the fact that you (a developer) follow best security practices doesn’t mean that others are doing the same. You’re likely using open source packages in your application. How do you know if those were developed securely? What if insecure code like eval() exists there? Let’s dive into it.


Avoiding npm substitution attacks using NCM

NodeSource is excited to announce its latest NodeSource Certified Modules (NCM) release. NCM provides developers and software teams with actionable insights into the risk levels present in their use of third-party packages. This release includes updates to avoid npm substitution attacks and also a GitHub integration: a code risk, compliance and security action for PRs on Node.js projects.


Preventing SQL injection in Node.js (and other vulnerabilities)

The database is an essential part of a web application. It’s where you receive and store users’ data, which you can then use to provide personalized services. As such, database security is an important part of every web application to ensure the safety and integrity of data collected from users. In this post, we’ll be looking at SQL database vulnerabilities in Node.js, like SQL injection, and how to prevent them.


Announcing Worker Threads Monitoring for Node.js in N|Solid

NodeSource is very excited to announce the addition of Worker Threads support in N|Solid, an amazing new feature for our customers on their journey with Node.js. Worker Threads are a very powerful feature in Node.js that allow developers to build more complex and robust applications.


Powerful Caching with Redis for Node.js Applications

Regardless of the tech stack used, many developers have already used Redis or, at least, heard of it. Redis is specifically known for providing distributed caching mechanisms for cluster-based applications. While this is true, it’s not its only purpose. Redis is a powerful and versatile in-memory database. Powerful because it is incredibly fast. Versatile because it can handle caching, database-like features, session management, real-time analytics, event streaming, etc.