
Node.js Authentication from Lucia to Better Auth
Lucia started off as an educational project to teach authentication and authorization, then evolved into an SDK, then got archived. Let's learn how to migrate a Lucia Auth codebase to Better Auth.
Dive into a critical vulnerability in a popular npm package called `nossrf`. This package aims to shield applications from Server-Side Request Forgery (SSRF) attacks by validating user-provided URLs. However, a clever bypass technique renders these safeguards ineffective. Let's dissect the issue and understand how to stay protected.
NPM binary planting is a way to cause dependency confusion within installed executable packages with npx. Haoqun Jiang from the Vue.js and Vite core teams has patched the Vue.js CLI to mitigate this security risk.
A path traversal vulnerability in the files-bucket-server npm package allows attackers to access files outside the intended directory. API Security is crucial, and this post dives into the vulnerability and how to exploit it.
AI code assistants powered by LLMs are a great productivity boost, but are they also free from vulnerabilities? Not really. Not even the GPT 4o model. Let me show you a GPT 4o failure in practice.
Yet another command injection vulnerability in a Node.js package. This time, it's in the `interactive-git-checkout` tool.