
How to use yarn audit
Better some security than none at all. If you're using Yarn package manager, learn about `yarn audit` and how to use it to check for vulnerabilities in your dependencies.
Have I gone mad? Do I actually recommend not using an ORM, and gaining a security advantage from it? Sort of. It's more nuanced, but if we're trying to fix SQL injection and related vulnerabilities, then I invite you to take a read.
Briefly exploring core concepts around Node API security with regard to GraphQL and REST API design, with code examples specific to Node.js application servers.
Briefly exploring the Node.js threat model to draw some opinions on whether Node.js is secure or not.
Are you using regex to validate URLs? Learn from a CVE identified in the node-forge npm package that was using a regex pattern to validate URLs and resulted in a security vulnerability.
Learn how I discovered a Node.js core prototype pollution regression, its security implications, and why it didn't warrant a CVE. Luckily, I also fixed it for us!