What would you say are your top most struggles when it comes to securing your Node.js apps today?
Liran Tal


Publish Date: Feb 13

Hi Node.js Devs 👋

Trying to get a handle on how I can best help unblock server-side developers in their appsec workflows...

  • Did we get the whole 3rd-party dependency vulnerabilities figured out?

  • What sort of help do you need?

  • What tool or resource can help unblock you?

  • What are you spending time on to secure your apps? (like is it secrets, env vars, authentication, thinking about your API security? something else?)

Comments 1 total

  • tamusjroyce, Feb 17, 2025

    Abandon insecure Node. And switch to Deno.

    Parameter pollution and a lot of other things need to be considered. But your root runtime doesn’t support signing, isn’t founded on a language that supports security: Rust with safe wrappers around C++ like V8. You are playing with fire.

    Given you have to use import. Require is not supported outside of library compatibility. Since require does not support tree shaking
