The Node.js Secure Coding Blog

Disclosing code injection vulnerabilities in safe-eval-2 npm package

A project fork is not without risks, and this time it's the safe-eval-2 npm package that is vulnerable to code injection attacks.
Apr 26, 2024 ~ 3 min read
nodejs
security
vulnerability
safe-eval
Introducing Node.js Security Permissions Model, Threat Model, and Security Releases

Learn how to secure your Node.js applications with the new Permissions Model, stay informed about security releases, and understand the Node.js Security Threat.
Apr 25, 2024 ~ 4 min read
nodejs
security
runtime
Common Node.js Security Issues and How to Mitigate Them

Learn about common Node.js security issues and how to mitigate them. This blog post covers Denial-of-Service (DoS) attacks, DNS rebinding attacks, unintended package publication, information exposure via timing attacks, and command injection vulnerabilities.
Apr 21, 2024 ~ 5 min read
nodejs
security
vulnerabilities
How JavaScript developers should embrace npm security

The npm ecosystem is a minefield of security risks. How can JavaScript developers protect from these threats and adopt npm security best practices? Here's how.
Apr 17, 2024 ~ 6 min read
npm
security
supply chain security
The XZ backdoor CVE-2024-3094: a JavaScript perspective

The XZ backdoor CVE-2024-3094 already happened in JavaScript 5 years ago but now the xz and liblzma malware bundled onto Linux distributions is bringing forth a world-wide threatening event in cybersecurity that jeopardizes the trust, sustainability and security concerns in the open-source ecosystem.
Mar 31, 2024 ~ 8 min read
event-stream
xz
cve-2024-3094
backdoor
supply chain security
Node.js Security Best Practices

Level up your Node.js security game! This guide explores essential best practices to safeguard your server-side code and build robust, secure applications.
Mar 15, 2024 ~ 6 min read
nodejs
secure
configuration

Newer posts

Older posts