Tips for Managing NPM Dependencies
Part of the reason why Node.js is so appealing is that it allows for easy application extensibility; you focus on your core competencies, and if you need additional features or functionality, you can include them by adding dependencies.
The modularity of Node.js and its reliance on external dependencies also have downsides, but with careful consideration you can minimize the application security risks they introduce.
Many of the packages available in the npm registry are safe to use, but not all of them are, and a dependency that is safe today may not be safe tomorrow. Furthermore, dependencies created and maintained by a single author can be problematic, and dependencies that in turn rely on further dependencies can result in what’s called the Node Module Hole.
In this article, we’ll take a look at what you need to keep in mind from an application security perspective when choosing and managing your npm dependencies, as well as tips and tricks you can employ to make this process easier and more manageable.
When choosing a dependency, take some time to make sure that the package isn’t suspicious or problematic. The npm registry offers package quality metrics and social cues, such as ratings and popularity, that can signal whether a package is trustworthy.
There are other cues, too. What’s the maintenance history of the package? How many releases have there been? Has the creator kept a regular schedule of fixes and upgrades, or has it been a while since anyone worked on the package?
You should also watch for changes in ownership of a package: more than once, a creator has handed over the reins, and the new owner(s) have introduced malicious code into a once-trusted package.
Knowing which dependencies you’ve used (and, hopefully, why) is only the tip of the iceberg: the modular nature of Node.js means your dependencies most likely rely on dependencies of their own.
It’s easy to keep tabs on the dependencies you’ve chosen yourself, but it’s just as important to keep tabs on the dependencies your dependencies rely on.
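As an added example (not code from the original article), the following Node.js script walks a package-lock.json to list which direct dependency pulls in each transitive package, at what depth, and which packages are installed in more than one version. The lock data is constructed for illustration and the helper names are my own.

```javascript
// Added example: inventory the transitive dependencies recorded in a
// package-lock.json (lockfileVersion 2/3 layout: "packages" keyed by install
// path). sampleLock is constructed for illustration, not a real project.
const sampleLock = { packages: {
  "": { dependencies: { "web-framework": "^1.0.0", logger: "^2.0.0" } },
  "node_modules/web-framework": { version: "1.2.0", dependencies: { "parser-lib": "^0.5.0", "util-lib": "^3.0.0" } },
  "node_modules/parser-lib": { version: "0.5.1", dependencies: { "util-lib": "^3.0.0" } },
  "node_modules/util-lib": { version: "3.1.0" },
  "node_modules/logger": { version: "2.0.3", dependencies: { "util-lib": "^2.0.0" } },
  "node_modules/logger/node_modules/util-lib": { version: "2.4.0" },
} };

// Mimic Node's module lookup: nearest nested node_modules first, then walk up.
function resolveDep(lock, fromPath, name) {
  let base = fromPath;
  for (;;) {
    const candidate = base ? `${base}/node_modules/${name}` : `node_modules/${name}`;
    if (lock.packages[candidate]) return candidate;
    if (!base) return null;
    const idx = base.lastIndexOf("/node_modules/");
    base = idx === -1 ? "" : base.slice(0, idx);
  }
}

// Breadth-first walk from the root package: records each installed package with
// its version, the direct dependency ("via") that pulled it in, and its depth.
function inventory(lock) {
  const out = new Map();
  const queue = Object.keys(lock.packages[""].dependencies || {})
    .map((n) => ({ path: resolveDep(lock, "", n), via: n, depth: 1 }));
  while (queue.length) {
    const { path, via, depth } = queue.shift();
    if (!path || out.has(path)) continue;
    const pkg = lock.packages[path];
    const name = path.slice(path.lastIndexOf("node_modules/") + "node_modules/".length);
    out.set(path, { name, version: pkg.version, via, depth });
    for (const child of Object.keys(pkg.dependencies || {})) {
      queue.push({ path: resolveDep(lock, path, child), via, depth: depth + 1 });
    }
  }
  return out;
}
// Names installed in more than one version: each copy is a separate thing to track.
function multipleVersions(inv) {
  const seen = new Map();
  for (const r of inv.values()) seen.set(r.name, (seen.get(r.name) || new Set()).add(r.version));
  return [...seen].filter(([, v]) => v.size > 1).map(([n, v]) => [n, [...v].sort()]);
}
for (const r of inventory(sampleLock).values()) console.log(`${r.name}@${r.version} via ${r.via} (depth ${r.depth})`);
console.log("multiple versions:", multipleVersions(inventory(sampleLock)));
```

To run it against a real project, replace sampleLock with `JSON.parse(require("fs").readFileSync("package-lock.json", "utf8"))`.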