Mirror of https://github.com/goldbergyoni/nodebestpractices.git (synced 2025-10-27 10:55:55 +08:00)
# Use tools that automatically detect vulnerable dependencies
<br/><br/>
### One Paragraph Explainer
Modern Node applications have tens and sometimes hundreds of dependencies, most of them transitive packages you never chose directly. If any package in that tree has a known security vulnerability, your app is vulnerable as well, and new advisories are published against already-installed versions all the time, so a one-off review at install time is not enough.
The following tools automatically check for known security vulnerabilities in your dependencies:
- [npm audit](https://docs.npmjs.com/cli/audit) - built into the npm CLI (npm 6 and later); checks the project's full dependency tree, transitive packages included, against the npm advisory database and exits non-zero when vulnerabilities are found
- [snyk](https://snyk.io/) - Continuously find & fix vulnerabilities in your dependencies
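Running one of these tools locally is only half the job; the check has to run in CI and fail the build. As an added example (not part of the nodebestpractices repository or of npm), the script below reads `npm audit --json` output in the npm 7+ report format (`auditReportVersion: 2`), fails on findings at or above a chosen severity, and lets a team risk-accept specific advisory IDs while still blocking every package that is vulnerable only through an advisory that was not accepted. The embedded report is constructed; its package names and advisory IDs are placeholders, not real advisories.

```javascript
'use strict';
// Added example: a CI gate over `npm audit --json` (npm 7+, auditReportVersion 2).
// Usage in CI:  npm audit --json | node audit-gate.js --stdin
// Environment:  AUDIT_LEVEL=high   AUDIT_IGNORE=1001,1003  (risk-accepted advisory IDs)

const SEVERITY_RANK = { info: 0, low: 1, moderate: 2, high: 3, critical: 4 };

// Return the vulnerable packages that should block the build, worst first.
// report:            parsed `npm audit --json` object
// failOn:            minimum severity that fails the build
// ignoredAdvisories: advisory IDs (the `source` field of a `via` entry) a team has risk-accepted
function auditGate(report, { failOn = 'high', ignoredAdvisories = [] } = {}) {
  if (report.auditReportVersion !== 2) {
    throw new Error(`unsupported audit report version: ${report.auditReportVersion}`);
  }
  const threshold = SEVERITY_RANK[failOn];
  if (threshold === undefined) throw new Error(`unknown severity: ${failOn}`);
  const ignored = new Set(ignoredAdvisories.map(Number));
  const vulns = report.vulnerabilities;

  // A package is "live" if it has an advisory of its own that is not ignored, or
  // if it is vulnerable through a dependency (a `via` entry that is a package
  // name) that is itself live. The stack guards against cyclic `via` chains.
  function isLive(name, stack = new Set()) {
    if (stack.has(name)) return false;
    stack.add(name);
    const live = vulns[name].via.some((entry) =>
      typeof entry === 'object'
        ? !ignored.has(entry.source)
        : entry in vulns && isLive(entry, stack));
    stack.delete(name);
    return live;
  }

  const blocking = [];
  for (const [name, v] of Object.entries(vulns)) {
    // `severity` on a package already reflects the worst advisory reachable through it.
    if (SEVERITY_RANK[v.severity] < threshold || !isLive(name)) continue;
    blocking.push({
      name,
      severity: v.severity,
      direct: v.isDirect,
      range: v.range,
      // `fixAvailable` is true, false, or an object describing the (possibly semver-major) fix.
      fixAvailable: v.fixAvailable !== false,
    });
  }
  blocking.sort((a, b) =>
    SEVERITY_RANK[b.severity] - SEVERITY_RANK[a.severity] || a.name.localeCompare(b.name));
  return blocking;
}

// Constructed sample shaped like `npm audit --json`; names and IDs are placeholders.
const SAMPLE_REPORT = {
  auditReportVersion: 2,
  vulnerabilities: {
    'example-parser': {
      name: 'example-parser', severity: 'critical', isDirect: true, range: '<2.0.0',
      via: [{ source: 1001, name: 'example-parser', title: 'Prototype pollution', severity: 'critical', range: '<2.0.0' }],
      effects: ['example-web'], nodes: ['node_modules/example-parser'],
      fixAvailable: { name: 'example-parser', version: '2.0.1', isSemVerMajor: true },
    },
    'example-web': { // vulnerable only because it depends on example-parser
      name: 'example-web', severity: 'critical', isDirect: true, range: '*',
      via: ['example-parser'], effects: [], nodes: ['node_modules/example-web'], fixAvailable: true,
    },
    'example-logger': {
      name: 'example-logger', severity: 'moderate', isDirect: false, range: '<1.4.0',
      via: [{ source: 1002, name: 'example-logger', title: 'ReDoS', severity: 'moderate', range: '<1.4.0' }],
      effects: [], nodes: ['node_modules/example-logger'], fixAvailable: false,
    },
    'example-template': {
      name: 'example-template', severity: 'high', isDirect: true, range: '<3.1.0',
      via: [{ source: 1003, name: 'example-template', title: 'Sandbox escape', severity: 'high', range: '<3.1.0' }],
      effects: [], nodes: ['node_modules/example-template'], fixAvailable: true,
    },
  },
  metadata: { vulnerabilities: { info: 0, low: 0, moderate: 1, high: 1, critical: 2, total: 4 } },
};

// With --stdin, gate a real report piped from npm and set the exit code; otherwise demo on the sample.
const useStdin = process.argv.includes('--stdin');
const report = useStdin ? JSON.parse(require('fs').readFileSync(0, 'utf8')) : SAMPLE_REPORT;
const findings = auditGate(report, {
  failOn: process.env.AUDIT_LEVEL || 'high',
  ignoredAdvisories: (process.env.AUDIT_IGNORE || '').split(',').filter(Boolean),
});
for (const f of findings) {
  console.log(`${f.severity.toUpperCase()} ${f.name} ${f.range}` +
    ` (${f.direct ? 'direct' : 'transitive'}, fix ${f.fixAvailable ? 'available' : 'NOT available'})`);
}
if (useStdin) process.exitCode = findings.length ? 1 : 0;
```

`npm audit --audit-level=high` already makes npm exit non-zero only at or above a given severity, so use that when all you need is a threshold; the script adds the part npm lacks, a reviewed allow-list of accepted advisory IDs, and keeps the allow-list from silently covering packages that are only reachable through an unaccepted advisory. Commit the allow-list next to the lockfile and re-run the gate on a schedule, not only on pushes, because advisories arrive without any code change on your side.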
<br/><br/>
### What Other Bloggers Say
From the [StrongLoop](https://strongloop.com/strongblog/best-practices-for-express-in-production-part-one-security/) blog:
> ...Using to manage your application’s dependencies is powerful and convenient. But the packages that you use may contain critical security vulnerabilities that could also affect your application. The security of your app is only as strong as the “weakest link” in your dependencies. Fortunately, there are two helpful tools you can use to ensure the third-party packages you use: nsp and requireSafe. These two tools do largely the same thing, so using both might be overkill, but “better safe than sorry” are words to live by when it comes to security...