The Node.js Secure Coding Blog

Holes in the Safety Net: Bypassing SSRF Protection in safe-axios
Analyzing a vulnerability in safe-axios, an npm package designed to safeguard applications from SSRF attacks.
Feb 6, 2025 ~ 2 min read
nodejs
ssrf
vulnerability
cve
How to Parse URLs from Markdown to HTML Securely?
What if I told you that parsing URLs from user input, especially from Markdown content, can be a security risk? Here is how URL parsing logic an be bypassed and what you need to know to handle it in a secure way.
Jan 30, 2025 ~ 9 min read
nodejs
parsing
secure coding
markdown
url
NPM Ignore Scripts Best Practices as Security Mitigation for Malicious Packages
Learn about the npm `ignore-scripts` flag and how to use it to prevent the execution of arbitrary commands from malicious npm packages.
Jan 23, 2025 ~ 7 min read
npm
ignore scripts
malicious packages
Where to find npm vulnerabilities?
If you are doing security research or just curious about finding npm vulnerabilities, let me share some resources to help you stay up-to-date with the latest security CVEs in the JavaScript ecosystem.
Jan 13, 2025 ~ 2 min read
nodejs
secure
configuration
How to Hunt for IDOR Vulnerabilities To Exploit Security Misconfiguration?
IDOR vulnerabilities are often overlooked but can lead to data exfiltration and exposure of confidential data. Here's how to hunt for them with an example Node.js code.
Jan 3, 2025 ~ 6 min read
idor
insecure direct object reference
security vulnerability
How to Avoid JWT Security Mistakes in Node.js
Learn how to use JSON Web Tokens (JWT) securely in your Node.js applications. I'll cover the basics of JWT and share best practices to avoid common security mistakes.
Dec 19, 2024 ~ 4 min read
nodejs
jwt
auth
tokens

Newer posts

Older posts