Articles tagged for: security

Node.js Authentication from Lucia to Better Auth
Lucia started off as an educational project to teach authentication and authorization, then evolved into an SDK, then got archived. Let's learn how to migrate a Lucia Auth codebase to Better Auth
Apr 15, 2025 ~ 3 min read
nodejs
security
An Introduction to SSRF Bypasses and Denylist Failures
Getting hands-on with SSRF bypasses and the pitfalls of denylists.
Mar 5, 2025 ~ 3 min read
nodejs
security
ssrf
Prisma Raw Query Leads to SQL Injection? Yes and No
Prisma is a popular type-safe ORM for Node.js but just like all abstractions, it comes at a cost and Prisma Raw Query function may lead to SQL injection if not handled correctly.
Feb 27, 2025 ~ 5 min read
nodejs
security
Do not use secrets in environment variables and here's how to do it better
Stop storing secrets in environment variables. It's a bad practice and only fits hobby or side projects with no real business impact. Here are all the reasons why you should never store secrets in environment variables and how to do it better.
Oct 6, 2024 ~ 26 min read
secrets
environment variables
config
security
How to use npm audit
Getting started with the npm audit command and learn why it's not enough and how to advance your project's security posture with more robust security tools like Snyk.
Oct 2, 2024 ~ 8 min read
npm audit
snyk test
npm
security
vulnerabilities
Uncovering a Prototype Pollution Regression in the core Node.js project
Learn how I discovered a Node.js core prototype pollution regression, its security implications, and why it didn't warrant a CVE. Luckily, I also fixed it for us!
Aug 16, 2024 ~ 5 min read
nodejs
security
prototype pollution
vulnerability

Newer posts

Older posts