Skip to content

Instantly share code, notes, and snippets.

@ethan-deng

ethan-deng/Node-Security.md

Last active January 14, 2018 08:55
Show Gist options
  • Save ethan-deng/bdb542f7a6af6c1e04088c9d13ad1d8f to your computer and use it in GitHub Desktop.
Save ethan-deng/bdb542f7a6af6c1e04088c9d13ad1d8f to your computer and use it in GitHub Desktop.
Download ZIP
Raw
Node-Security.md

Node.js Security

  1. Use Helmet.js
  2. Cast string to String when using JSON object from body
  3. Regulary Expression DDOS
  4. Use "Validator.js" to validate string
  5. Safe-regex
  6. Snyk or Yarn for dependencies
  7. https://duo.com/blog/hunting-malicious-npm-packages
  8. https://docs.npmjs.com/cli/shrinkwrap
  9. https://docs.npmjs.com/files/package-locks
  10. Check headers http://cyh.herokuapp.com/cyh
  • Always use "use strict"
  • Use "ParseInt" or "ParsetFloat" with base 10
  • Use strict comparisons "==="
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment