JavaScript Types Security
Headlines
Enforcing SQL-in-JS query correctness - Screencast shared by Karl Horky demonstrates SafeQL by Eliya Cohen.
Is TypeScript All We Need for Application Security?
5 best practices for React with TypeScript security - Using TypeScript with React provides several advantages in application-building, including the option of simpler React components and better JavaScript XML (JSX) support. However, it also introduces some security challenges that developers need to be aware of…
Friend or Foe? TypeScript Security Fallacies - Check out the video recording of Liran Tal’s talk on Voxxed Days Bucharest 2025.
Spot the TypeScript Vulnerability
Haven’t watched my talk above about TypeScript Security? See if you can spot the insecure coding conventions in the following code snippets:
Ok, that was an easy one. How about this one:
How about this TypeScript + Zod implementation:
Full working example of a vulnerable Express + TypeScript application demo code on my GitHub: https://github.com/lirantal/vulnerable-demo-express-typescript-2025
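As an added illustration of the fallacy the talk above warns about (example code written for this edit, not taken from the talk, the demo repository, or the linked articles; the request shape, the handler names, and the hand-written validator standing in for a schema library are assumptions), the snippet below contrasts the insecure convention of casting untrusted input to a TypeScript type with validating it at runtime:

```typescript
// Added example, not from the talk or the demo repository. Shows why a
// TypeScript type on request data is not a security control: types are
// erased at compile time, so a cast performs no check on runtime input.

// Hypothetical request shape for a user-registration endpoint (an assumption).
interface CreateUserRequest {
  username: string;
  role: "user" | "admin";
}

// Insecure convention: the cast tells the compiler to trust the body, but
// nothing verifies that the JSON actually has this shape or only these keys.
function parseCreateUserUnsafe(body: unknown): CreateUserRequest {
  return body as CreateUserRequest;
}

// Safer convention: validate at runtime. This hand-written validator stands
// in for a schema library such as Zod and expresses the same kind of rules a
// schema would: allow-listed keys, typed fields, and a server-set role.
function parseCreateUserSafe(body: unknown): CreateUserRequest | null {
  if (typeof body !== "object" || body === null || Array.isArray(body)) return null;
  const obj = body as Record<string, unknown>;

  // Reject unexpected keys so a client cannot smuggle in fields like `role`.
  const allowedKeys = new Set(["username"]);
  for (const key of Object.keys(obj)) {
    if (!allowedKeys.has(key)) return null;
  }

  const username = obj.username;
  if (typeof username !== "string" || !/^[a-z0-9_]{3,32}$/.test(username)) return null;

  // The privilege level is decided by the server, never copied from input.
  return { username, role: "user" };
}

// Constructed sample payload, shaped like a JSON body a client could send.
const sampleBody: unknown = JSON.parse('{"username":"mallory","role":"admin"}');

// Runs both parsers over the same body so the difference is visible.
function demo(): { unsafeRole: string; safeResult: CreateUserRequest | null } {
  const unsafe = parseCreateUserUnsafe(sampleBody); // compiles, still "admin" at runtime
  const safe = parseCreateUserSafe(sampleBody);     // rejected: unexpected key "role"
  return { unsafeRole: unsafe.role, safeResult: safe };
}

console.log(demo());
```

The point is that `parseCreateUserUnsafe` type-checks cleanly and still hands the rest of the application a `role` chosen by the client; the only thing that changes that is a runtime check, whether written by hand as here or generated by a schema library.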
📦 On npm
- StrykerJS - A mutation testing framework for JavaScript. It allows you to test your tests by introducing bugs in your code and checking if your tests catch them.
- Fast-check - A property-based testing framework for JavaScript and TypeScript. It lets you write tests that generate random inputs and check that a stated property of your code holds across all of them, rather than only for a few hand-picked cases.
❗ New Security Vulnerabilities
- @trpc/server found vulnerable to CVE-2025-43855 Uncaught Exception, 24 Apr 2025
- passport-wsfed-saml2 found vulnerable to CVE-2025-46573 User Impersonation, 7 May 2025