Hacker News
- NPM package compromised by author: erases files on RU / BY computers on install https://snyk.io/blog/peacenotwar-malicious-npm-node-ipc-package-vulnerability/ 164 comments
- The most popular docker images each contain at least 30 vulnerabilities https://snyk.io/blog/top-ten-most-popular-docker-images-each-contain-at-least-30-vulnerabilities/ 159 comments
- Snyk.io – Find and fix known vulnerabilities in Node.js dependencies https://snyk.io 7 comments
- Best practices for building a production-ready Dockerfile for PHP applications | The Snyk blog https://snyk.io/blog/building-production-ready-dockerfile-php/ 10 comments php
- Choosing the best Node.js Docker image | Snyk https://snyk.io/blog/choosing-the-best-node-js-docker-image/ 3 comments node
- A short how-to on Secure JavaScript URL validation https://snyk.io/blog/secure-javascript-url-validation/ 2 comments javascript
- Reviewing CVE-2022-42889: The arbitrary code execution vulnerability in Apache Commons Text https://snyk.io/blog/reviewing-cve-2022-42889-in-apache-commons-text/ 2 comments programming
- Avoiding SMTP Injection https://snyk.io/blog/avoiding-smtp-injection/ 2 comments programming
- Testing in Terraform https://snyk.io/blog/testing-effectively-in-terraform/ 2 comments terraform
- Understanding the CSRF vulnerability in popular csurf npm package https://snyk.io/blog/explaining-the-csurf-vulnerability-csrf-attacks-on-all-versions/ 9 comments node
- Creating Modern npm Packages https://snyk.io/blog/best-practices-create-modern-npm-package/ 22 comments javascript
- dompdf security alert: RCE vulnerability found in PHP PDF library https://snyk.io/blog/security-alert-php-pdf-library-dompdf-rce/ 7 comments laravel
- Node.js library updated to overwrite all files and leave anti-war messages for users with Russian and Belarussian IPs https://snyk.io/blog/peacenotwar-malicious-npm-node-ipc-package-vulnerability 66 comments programming
- Vue.js applications with the dependency "node-ipc" are experiencing a critical supply chain vulnerability as a result of the nested dependencies node-ipc and peacenotwar being sabotaged as an act of protest (of the invasion of Ukraine) by the maintainer of the node-ipc package https://snyk.io/blog/peacenotwar-malicious-npm-node-ipc-package-vulnerability/ 5 comments programming
- How can I update Debian packages so that "docker scan" reports zero security vulnerabilities? https://snyk.io/ 4 comments debian
- Log4Shell Remediation Cheat Sheet | Created by Java Champion and security researcher at Snyk https://snyk.io/blog/log4shell-remediation-cheat-sheet/ 18 comments java
- JVM Ecosystem Report 2021 https://snyk.io/jvm-ecosystem-report-2021/ 78 comments java
- Finally, a curation of 10 React security best practices https://snyk.io/blog/10-react-security-best-practices/ 10 comments javascript
- Why npm lockfiles can be a security blindspot for injecting malicious modules https://snyk.io/blog/why-npm-lockfiles-can-be-a-security-blindspot-for-injecting-malicious-modules/ 27 comments javascript
- Snyk state of open source security - including many interesting Kubernetes stats! https://snyk.io/open-source-security-report/ 3 comments kubernetes
- Yarn 2 - Let's build a plugin together! https://snyk.io/blog/yarn-2-plugins/ 5 comments javascript
- Yarn 2 — the future of package managers for JavaScript? https://snyk.io/blog/yarn-2-intro/ 15 comments javascript
- 10 Django security tips https://snyk.io/blog/django-security-tips/ 8 comments django
- Centos8 vs RHEL8 https://snyk.io 7 comments redhat
- Why npm lockfiles can be a security blindspot in Github PRs for injecting malicious modules https://snyk.io/blog/why-npm-lockfiles-can-be-a-security-blindspot-for-injecting-malicious-modules/ 17 comments javascript
- Why npm lockfiles can be a security blindspot for injecting malicious modules https://snyk.io/blog/why-npm-lockfiles-can-be-a-security-blindspot-for-injecting-malicious-modules/ 8 comments netsec
- Why npm lockfiles can be a security blindspot in Github PRs for injecting malicious modules https://snyk.io/blog/why-npm-lockfiles-can-be-a-security-blindspot-for-injecting-malicious-modules/ 3 comments webdev
- Deploying a Gatsby site to GitHub Pages from Travis CI https://snyk.io/blog/deploying-a-gatsby-site-to-github-pages-from-travis-ci/ 5 comments javascript
- Angular vs React: the security risk of indirect dependencies https://snyk.io/blog/angular-vs-react-the-security-risk-of-indirect-dependencies 12 comments javascript
- 6 Stages of Refactoring a Jest Test Case https://snyk.io/blog/6-stages-of-refactoring-a-jest-test-case/ 3 comments javascript
- Snyk research team discovers severe prototype pollution security vulnerabilities affecting all versions of lodash https://snyk.io/blog/snyk-research-team-discovers-severe-prototype-pollution-security-vulnerabilities-affecting-all-versions-of-lodash/ 28 comments javascript
- npm passes the 1 millionth package milestone! What can we learn? https://snyk.io/blog/npm-passes-the-1-millionth-package-milestone-what-can-we-learn/ 66 comments javascript
- The top two most popular Docker base images each have over 500 vulnerabilities https://snyk.io/blog/the-top-two-most-popular-docker-base-images-each-have-over-500-vulnerabilities/ 20 comments docker
- After three years of silence, a new jQuery prototype pollution vulnerability emerges once again https://snyk.io/blog/after-three-years-of-silence-a-new-jquery-prototype-pollution-vulnerability-emerges-once-again/ 6 comments javascript
- Top ten most popular docker images each contain at least 30 vulnerabilities https://snyk.io/blog/top-ten-most-popular-docker-images-each-contain-at-least-30-vulnerabilities/ 18 comments programming
- Top ten most popular docker images each contain at least 30 vulnerabilities https://snyk.io/blog/top-ten-most-popular-docker-images-each-contain-at-least-30-vulnerabilities/ 24 comments docker
- JVM Ecosystem Report 2018 - biggest ever JVM survey https://snyk.io/blog/jvm-ecosystem-report-2018 5 comments java
- Snyk - Zip Slip Vulnerability https://snyk.io/research/zip-slip-vulnerability 23 comments programming
- Local Type Inference Cheat Sheet for Java 10 and beyond! https://snyk.io/blog/local-type-inference-java-cheat-sheet/ 14 comments java
- 77% of 433,000 Sites Use Vulnerable JavaScript Libraries https://snyk.io/blog/77-percent-of-sites-still-vulnerable/ 3 comments javascript
- Type Manipulation: Escaping Template Sandboxes https://snyk.io/blog/type-manipulation/ 3 comments netsec
- How Ruby Gem versioning differs from that of Node's https://snyk.io/blog/ 10 comments ruby
- Attackers can (relatively) easily publish malicious npm packages. Here's how to prevent it. https://snyk.io/blog/publishing-malicious-packages/ 3 comments netsec
Linking pages
- GitHub - goldbergyoni/javascript-testing-best-practices: 📗🌐 🚢 Comprehensive and exhaustive JavaScript & Node.js testing best practices (July 2023) https://github.com/goldbergyoni/javascript-testing-best-practices 138 comments
- GitHub - goldbergyoni/nodebestpractices: The Node.js best practices list (March 2023) https://github.com/i0natan/nodebestpractices 129 comments
- GitHub - analysis-tools-dev/static-analysis: ⚙️ A curated list of static analysis (SAST) tools and linters for all programming languages, config files, build tools, and more. The focus is on tools which improve code quality. https://github.com/analysis-tools-dev/static-analysis 112 comments
- GitHub - goldbergyoni/nodebestpractices: :white_check_mark: The Node.js best practices list (December 2023) https://github.com/goldbergyoni/nodebestpractices 94 comments
- GitHub - RunaCapital/awesome-oss-alternatives: Awesome list of open-source startup alternatives to well-known SaaS products 🚀 https://github.com/RunaCapital/awesome-oss-alternatives 92 comments
- Software is drowning the world https://jamesabley.com/software-is-drowning-the-world/ 87 comments
- GitHub - ripienaar/free-for-dev: A list of SaaS, PaaS and IaaS offerings that have free tiers of interest to devops and infradev https://github.com/ripienaar/free-for-dev 80 comments
- Docker Security - OWASP Cheat Sheet Series https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html 61 comments
- We’re under attack! 23+ Node.js security best practices | by Node.js Best Practices | Medium https://medium.com/@nodepractices/were-under-attack-23-node-js-security-best-practices-e33c146cb87d 61 comments
- Small world with high risks: a study of security threats in the npm ecosystem | the morning paper https://blog.acolyer.org/2019/09/30/small-world-with-high-risks/ 60 comments
- Want to take over the Java ecosystem? All you need is a MITM! | by Jonathan Leitschuh | InfoSec Write-ups https://medium.com/@jonathan.leitschuh/want-to-take-over-the-java-ecosystem-all-you-need-is-a-mitm-1fc329d898fb 53 comments
- XSS Attacks: The Next Wave | Snyk https://snyk.io/blog/xss-attacks-the-next-wave/ 43 comments
- Who’s at the Helm?. Or, how to deploy 25+ CVEs to prod in… | by Dan Lorenc | Medium https://dlorenc.medium.com/whos-at-the-helm-1101c37bf0f1 42 comments
- Accio Dependency Manager. You may have noticed a number of “What… | by Corentin | Medium https://medium.com/@corentin.jabot/accio-dependency-manager-b1846e1caf76 41 comments
- HTML5 Input Types: Where Are They Now? — Smashing Magazine https://www.smashingmagazine.com/2019/01/html5-input-types/ 40 comments
- 5 common mistakes in every Node.js app | by Alejandro Oviedo | Medium https://medium.com/@a0viedo/a4bea7ac05bc 38 comments
- Malicious Chinese SDK In 1,200 iOS Apps With Billions Of Installs Causing ‘Major Privacy Concerns To Hundreds Of Millions Of Consumers’ https://www.forbes.com/sites/johnkoetsier/2020/08/24/malicious-chinese-sdk-in-1200-ios-apps-with-billions-of-installs-causing-major-privacy-concerns-to-hundreds-of-millions-of-consumers/#2049e35e1aa0 29 comments
- How to avoid NPM supply chain attacks. | by michael sorensen | ITNEXT https://medium.com/@voltx180/how-to-avoid-npm-supply-chain-attacks-2fb8d7eab4d3?sk=da3b5580427ec8ee9c11a8b01284bebb&source=friends_link 29 comments
- 13 Security Tips For Frontend App | Better Programming https://medium.com/better-programming/frontend-app-security-439797f57892 26 comments
- Kubernetes Essential Tools: 2021. Review of the best tools for Kubernetes | by Javier Ramos | ITNEXT https://itnext.io/kubernetes-essential-tools-2021-def12e84c572 25 comments