Hacker News
- Do not use secrets in environment variables https://www.nodejs-security.com/blog/do-not-use-secrets-in-environment-variables-and-here-is-how-to-do-it-better 92 comments
Lobsters
- Do not use secrets in environment variables and here's how to do it better https://www.nodejs-security.com/blog/do-not-use-secrets-in-environment-variables-and-here-is-how-to-do-it-better 10 comments security
- Introducing Node.js Security Permissions Model, Threat Model, and Security Releases https://www.nodejs-security.com/blog/introducing-nodejs-security-permissions-model-threat-model-and-security-releases 5 comments node
- The XZ backdoor CVE-2024-3094: a JavaScript perspective https://www.nodejs-security.com/blog/xz-backdoor-cve-2024-3094-javascript-perspective 3 comments node
- An IDOR vulnerability was discovered in Clerk's Next.js SDK, what is it exactly? https://www.nodejs-security.com/blog/secure-javascript-coding-to-avoid-insecure-direct-object-references-idor 11 comments javascript
- Weekly news: North Korea malware on npm and Ledger connect-kit crypto heist https://www.nodejs-security.com/blog/north-korea-malware-on-npm-and-ledger-connect-kit-crypto-heist 24 comments node
- Launched my new book 🚀 Node.js Secure Coding: Defending Against Command Injection Vulnerabilities https://www.nodejs-security.com 2 comments node
Linking pages
- Do not use secrets in environment variables and here's how to do it better https://www.nodejs-security.com/blog/do-not-use-secrets-in-environment-variables-and-here-is-how-to-do-it-better 102 comments
- Secure JavaScript Coding to Avoid Insecure Direct Object References (IDOR) https://www.nodejs-security.com/blog/secure-javascript-coding-to-avoid-insecure-direct-object-references-idor 11 comments
- 10 Best Practices for Secure Code Review of Node.js code — Liran Tal https://www.nodejs-security.com/blog/ten-best-practices-for-secure-code-review-of-nodejs-code 1 comment
- An Introduction to Command Injection Vulnerabilities in Node.js and JavaScript — Liran Tal https://www.nodejs-security.com/blog/introduction-command-injection-vulnerabilities-nodejs-javascript 0 comments
- Securing Your Node.js Apps by Analyzing Real-World Command Injection Examples — Liran Tal https://www.nodejs-security.com/blog/securing-your-nodejs-apps-by-analyzing-real-world-command-injection-examples 0 comments
- Destroyed by Dashes: How Two Hyphens Cause Argument Injection Vulnerability in blamer npm Package — Liran Tal https://www.nodejs-security.com/blog/destroyed-by-dashes-how-two-hyphens-cause-argument-injection-vulnerability-in-blamer-npm-package 0 comments
- Secure Code Review Tips to Defend Against Vulnerable Node.js Code — Liran Tal https://www.nodejs-security.com/blog/secure-code-review-tips-to-defend-against-vulnerable-nodejs-code 0 comments
- Node.js and OWASP Top Ten Command Injection: Don't Let Your App Go 'BOOM' 💥 — Liran Tal https://www.nodejs-security.com/blog/nodejs-and-owasp-top-ten-command-injection-dont-let-your-app-go-boom 0 comments