Black Friday Node.js & Bun Security Deals, LLMs for Security & HTTP Security Headers Guide
Happy new Monday everyone!
In the spirit of end-of-year and Black Friday deals, I wanted to break the news on a new project of mine :-)
Excited to announce & celebrate with you all the release of the Bun Security Essentials Course & Book - a unique and new look into the Bun server-side JavaScript runtime that I’ve been working on for the past few months.
In the spirit of festivities, I’ve also made a special deal for the Node.js Secure Coding books series at a 65% off discount for Black Friday! 🎉
David Lorenz, author of the Supabase book, reminds us of a potential security pitfall: getSession() itself is not secure, because it returns the session without verifying it. getUser() is, but it costs another request. You can verify the token from getSession() against your JWT secret and confirm that it is valid:
Raw SQL Queries are Actually Better for Security Than ORMs? - Kinda. Well, there are some specific security vulnerabilities that largely disappear when you don’t follow the coding patterns associated with ORMs. Here’s the breakdown.
Codebuff is Codemods + AI - Leveraging LLMs for natural-language, large-scale and context-aware code editing. I am interested to see if this shapes up as a static security analysis tool, or as a sort of smarter ESLint that is more agile and able to help developers with secure coding practices.
A complete guide to HTTP Security Headers - A comprehensive and illustrative guide to understanding CORS, Content Security Policy, and various other security headers.
📦 On npm
eslint-plugin-next - An ESLint plugin aimed at helping developers secure their Next.js applications by detecting common security vulnerabilities and misconfigurations in a Next.js setup.
❗ New Security Vulnerabilities
- vue-i18n found vulnerable to CVE-2024-52809 Cross-site Scripting, 28 Nov 2024
- axios found vulnerable to Cross-site Scripting, 26 Nov 2024