Developers on urged to be aware of potential issues from client-side cousin.
First up, if you’re using the hugely popular
Node.js, don’t panic, we’re not here to deliver a bleak prophecy of
Java-applet scale plagues. In fact, Node.js itself is pretty
by a few recent
security experts have advised Node.js users
A critical tool at places like PayPal and
platform also plays a role in helping to ensure the security of
financial transactions and various other kinds of enterprise client
data. Although immensely helpful, the innate characteristics of the
particularly vulnerable to attack.
According to Adam Baldwin, chief security
officer at security consulting firm Lift Security, whilst key
a browser because it executes on the server. That difference adds
some unique surface area [for attacks].”
Mark Stuart, a senior UI engineer at PayPal,
chimes in that developers should ensure they are using
reliable security defaults and scanning modules, warning that,
things on the client side still exist on the server
Baldwin is an expert in all things relating to
Node security, heading up the Node Security Project
alongside his daily role. The key goal of this initiative is to
eventually audit every single module in npm. In addition to this
impressive target, the project wants to provide advisories, issues
and pull requests so modules get fixed, as well as a public
API and DB of audit results.
Although still in its infancy, the project
appears overall to be a welcome addition to the youthful Node-iverse.
Ultimately, Baldwin and his team hope that the project will not
only help improve the security of the Node landscape on a technical
level, but also bolster confidence among developers and enterprises
about the state of security in Node.js.