Secure Coding Practices in Node.js Against Path Traversal Vulnerabilities
Path traversal vulnerabilities were discovered in webpack and backstage npm packages. Learn secure coding practices to prevent path traversal attacks in Node.js applications.
Secure JavaScript coding practices are essential to prevent command injection vulnerabilities in Node.js applications. Learn how to avoid common pitfalls and protect your code from exploitation.
Can you spot an Insecure Direct Object Reference (IDOR) vulnerability in your JavaScript application? Learn what IDOR is, how it can be exploited, and how to prevent it in your code.
Learn about recent npm vulnerabilities in popular npm packages and how to protect your applications from security reports disclosed in 2024.
A project fork is not without risks, and this time it's the safe-eval-2 npm package that is vulnerable to code injection attacks.
Learn how to secure your Node.js applications with the new Permissions Model, stay informed about security releases, and understand the Node.js Security Threat.
Learn about common Node.js security issues and how to mitigate them. This blog post covers Denial-of-Service (DoS) attacks, DNS rebinding attacks, unintended package publication, information exposure via timing attacks, and command injection vulnerabilities.
The npm ecosystem is a minefield of security risks. How can JavaScript developers protect themselves from these threats and adopt npm security best practices? Here's how.
A backdoor like XZ's CVE-2024-3094 already happened in JavaScript 5 years ago, but now the xz and liblzma malware bundled into Linux distributions has become a worldwide cybersecurity event that jeopardizes trust, sustainability and security in the open-source ecosystem.
Level up your Node.js security game! This guide explores essential best practices to safeguard your server-side code and build robust, secure applications.