The Node.js Secure Coding Blog

Is Node.js Secure?
Briefly exploring the Node.js threat model to draw some opinions on whether Node.js is secure or not.
Sep 9, 2024 ~ 5 min read
nodejs
secure
threat model
URL Regex Validation: what can go wrong?
Are you using regex to validate URLs? Learn from a CVE identified in the node-forge npm package that was using a regex pattern to validate URLs and resulted in a security vulnerability.
Sep 8, 2024 ~ 3 min read
regex
url
validation
vulnerability
Uncovering a Prototype Pollution Regression in the core Node.js project
Learn how I discovered a Node.js core prototype pollution regression, its security implications, and why it didn't warrant a CVE. Luckily, I also fixed it for us!
Aug 16, 2024 ~ 5 min read
nodejs
security
prototype pollution
vulnerability
Deno CLI Vulnerability Repeats npm mistakes: CVE-2024-37150
A recent security issue in the Deno CLI (CVE-2024-37150) highlights the importance of secure credential handling. Learn how this vulnerability mirrors past npm CLI mistakes and what you can do to stay secure.
Aug 11, 2024 ~ 4 min read
deno
security vulnerabilities
Security skills for JavaScript developers
JavaScript developers need security skills to safeguard user data, prevent application breaches, and maintain user trust. Learn about essential security skills for writing secure code and fixing vulnerabilities in JavaScript applications.
Jul 29, 2024 ~ 6 min read
security
skills
vulnerabilities
Understanding and Preventing Prototype Pollution in Node.js
Learn about Prototype Pollution in Node.js: what it is, how it works, and how to prevent it. Includes real-world examples and security best practices for developers.
Jul 10, 2024 ~ 4 min read
nodejs
prototype pollution

Newer posts

Older posts