DEV Community

Liran Tal
Liran Tal

Posted on

What would you say are your top most struggles when it comes to securing your Node.js apps today?

Hi Node.js Devs 👋

Trying to get a handle of how can I best help unblock server-side developers in their appsec workflows...

  • Did we get the whole 3rd-party dependency vulnerabilities figured out?

  • What sort of help do you need?

  • What tool or resource can help unblock you?

  • What are you spending time on to secure your apps? (like is it secrets, env vars, authentication, thinking about your API security? something else?)

Top comments (1)

Collapse
 
tamusjroyce profile image
tamusjroyce • Edited

Abandon insecure node. And switch to deno

Parameter pollution and a lot of other things need considered. But your root runtime doesn’t support signing, isn’t founded on a language that supports security: rust with safe wrappers around C++ like V8, you are playing with fire

Given you have to use import. Require is not supported outside of library compatibility. Since require does not support tree shaking

profile
Neon
 Promoted

Billboard image

Create up to 10 Postgres Databases on Neon's free plan.

If you're starting a new project, Neon has got your databases covered. No credit cards. No trials. No getting in your way.

Try Neon for Free →

Read next

dct_technologyprivatelimited profile image

🚀 Build Better Projects: 10 Online Tools for Debugging & Testing You Can’t Miss!

DCT Technology -

jeshlin_pv_1628a63168e90 profile image

How I Passed the AZ-900 Exam: My Study Plan, Resources & Tips

Jeshlin P V -

kurealnum profile image

An Actually Productive Arch Linux Setup

Oscar -

santattech profile image

Progressive web app styling

Santanu Bhattacharya -