There are a few Node Security tools that might come in handy.
The first is our lesser-known ESLint security rules - useful for finding some security issues in code. Better for spot checks than running all the time like a normal linter, due to false positives for many of the rules.
Second is nsp, which you can use to check for known vulnerabilities in dependencies. Shameless plug: if you want continuous monitoring vs. spot checking with a CLI tool, sign up at nodesecurity.io (free for open source).
Hey Adam!
I was wondering if you can also help me with this: ESLint has hundreds (maybe even thousands) of plugins and I wanted to understand for security specifically, can you recommend any (besides the ones in OWASP Top 10, or these below:
What other plugins are there for security? Which are the best/most popular? Thank you so much!