
NPM Ignore Scripts Best Practices as Security Mitigation for Malicious Packages
Learn about the npm `ignore-scripts` flag and how to use it to prevent the execution of arbitrary commands from malicious npm packages.
If you are doing security research or just curious about finding npm vulnerabilities, let me share some resources to help you stay up-to-date with the latest security CVEs in the JavaScript ecosystem.
IDOR vulnerabilities are often overlooked but can lead to data exfiltration and exposure of confidential data. Here's how to hunt for them with an example Node.js code.
Learn how to use JSON Web Tokens (JWT) securely in your Node.js applications. I'll cover the basics of JWT and share best practices to avoid common security mistakes.
Half a dozen secure code review comments and none of them mentioned the potential security vulnerability that exists in the code snippet. Let's dive into a Node.js secure code review and see if you can spot the security bug you totally missed.
Even if you follow security best practices and choose bcrypt for password hashing, you can still get it wrong. How does Bun handle it in a more secure fashion? What happened with the Okta bcrypt incident? Let's dive in.