The Node.js Secure Coding Blog

NodeJS Path Traversal Vulnerability Scanner
How about a more offensive side of security? Check out a NodeJS path traversal vulnerability scanner.
Nov 2, 2024 ~ 6 min read
nodejs
path
traversal
scanner
directory traversal
Do not use secrets in environment variables and here's how to do it better
Stop storing secrets in environment variables. It's a bad practice and only fits hobby or side projects with no real business impact. Here are all the reasons why you should never store secrets in environment variables and how to do it better.
Oct 6, 2024 ~ 26 min read
secrets
environment variables
config
security
How to use npm audit
Getting started with the npm audit command and learn why it's not enough and how to advance your project's security posture with more robust security tools like Snyk.
Oct 2, 2024 ~ 8 min read
npm audit
snyk test
npm
security
vulnerabilities
How to use yarn audit
Better some security than none at all. If you're using Yarn package manager, learn about `yarn audit` and how to use it to check for vulnerabilities in your dependencies.
Sep 26, 2024 ~ 7 min read
yarn audit
npm audit
vulnerabilities
yarn
Raw SQL Queries are Actually Better for Security Than ORMs?
Have I gone mad? Do I actually recommend not using an ORM and actually gaining a security advantage? Sort of. It's more nuanced but if we're trying to fix SQL injection and related vulnerabilities then I invite you to take a read.
Sep 22, 2024 ~ 11 min read
raw
sql
ORMs
Node API Security
Briefly exploring core concepts around Node API security with regards to GraphQL and REST API design with code examples specific to Node.js application servers.
Sep 10, 2024 ~ 7 min read
nodejs
secure
configuration

Newer posts

Older posts