Archive for October, 2018

js packages and security

Posted: October 15, 2018 in ECMAScript 6, javascript

Nowadays JavaScript is top of mind for everyone in the digital world. This humble language is something clients and developers follow, and it is the main language for the whole millennial generation of developers.

When JavaScript climbed to the podium of the top languages, becoming a language available on the frontend, on the backend and at the app level, package distribution started to become a standard as well.

NPM is the most common package manager used by the JavaScript community. Six months ago, in a project where security was one of the main concerns, I discovered something I would like to share today.

If packages can be uploaded and modified, security breaches or attacks introduced through a JS package become possible. Since developers pull in JavaScript packages from NPM or other sources, they may also be pulling in security issues.

That’s why I decided to write this post: to give you a clue about how to tell whether or not you can trust one or more packages, and to give you a new best practice.

The best way to protect the packages you bring into the project, identified by the package references in the package.json file, is to check for security news about vulnerabilities.

If you are using a version of NPM older than version 6, you should check package security using the following trick.

  1. Install the Node Security Platform: ‘npm install -g nsp’
  2. Wait for the installation of the package
  3. Use ‘nsp check’ to ensure that every module that is pulled in by a package and referenced in package.json is free of vulnerabilities

If you are using Node 6 or a later version, NSP has become a built-in feature, so you have a new command, ‘npm audit’, that lets you run a security audit.

Running one of these methods should be a recurring task on a JavaScript project, even if you are behind the trenches of a framework (React, Angular, Vue.js).

If you are using a compiler or a DevOps pipeline with an automated process, you should include this validation in the build of the solution.
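One way to wire that validation into a build step, as an added example that is not code from the original post: a small Node script that reads the JSON report from ‘npm audit --json’ and fails the build when findings reach a chosen severity. It assumes the report carries a `metadata.vulnerabilities` summary with per-severity counts; the file name `audit-gate.js`, the `--stdin` switch and the default threshold are hypothetical choices for this illustration.

```javascript
// Added example: gate a build on the severity summary of `npm audit --json`.
const SEVERITIES = ['info', 'low', 'moderate', 'high', 'critical'];

// Decide whether a parsed audit report passes; `threshold` is the lowest
// severity that blocks the build.
function evaluateAudit(report, threshold = 'high') {
  const floor = SEVERITIES.indexOf(threshold);
  if (floor === -1) throw new Error(`unknown severity: ${threshold}`);
  const counts = report && report.metadata && report.metadata.vulnerabilities;
  // Fail closed: output without the summary (for example an error message
  // instead of a report) must not pass the gate.
  if (!counts || typeof counts !== 'object') {
    return { ok: false, blocking: {}, reason: 'no vulnerability summary' };
  }
  const blocking = {};
  for (const level of SEVERITIES.slice(floor)) {
    const n = Number(counts[level]) || 0;
    if (n > 0) blocking[level] = n;
  }
  const ok = Object.keys(blocking).length === 0;
  return { ok, blocking, reason: ok ? 'below threshold' : 'blocking findings' };
}

// Constructed sample (not real audit output); only the fields read above.
const SAMPLE_REPORT = {
  metadata: { vulnerabilities: { info: 0, low: 3, moderate: 1, high: 2, critical: 0 } },
};

// Build step (hypothetical file name and switch):
//   npm audit --json | node audit-gate.js --stdin high
if (process.argv[2] === '--stdin') {
  let raw = '';
  process.stdin.setEncoding('utf8');
  process.stdin.on('data', (chunk) => { raw += chunk; });
  process.stdin.on('end', () => {
    let report = null;
    try { report = JSON.parse(raw); } catch (err) { /* unparsable: fail closed */ }
    const result = evaluateAudit(report, process.argv[3] || 'high');
    console.log(JSON.stringify(result));
    process.exitCode = result.ok ? 0 : 1;
  });
} else {
  // No input given: show the decision for the constructed sample.
  console.log(JSON.stringify(evaluateAudit(SAMPLE_REPORT, 'high')));
}
```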


In the last months I have been working on a project that required us, in order to solve some issues, to build a lot of simple tools to help us achieve a new milestone.

Today I had a new simple need and had a lot of trouble getting an answer. I just had to copy some images to a new folder from a vast universe.

This little tool should run on a production server. PowerShell comes to the rescue, but I had a lot of trouble finding a snippet for my problem.

So here is the way I solved this:

1st: identify the files I want to copy and get a kind of database for them; we created a CSV file for that with the following structure

YourFileName
2.docx
4.docx
n.docx

n+many.docx

2nd: create a folder where I will save the copied files

3rd: iterate over each line of the YourFileName column and copy each file to the destination folder

What I need to know to do this:

  • How to load the CSV file for PowerShell consumption: this can be done with the command ‘Import-Csv fileList1.csv’, which loads the whole file into memory
  • How to read each line: since we need to create a loop, we can use the instruction ForEach { }
  • Define the intended action for each row in the CSV file

The result of this comes in this fantastic line of code

Import-Csv fileList1.csv | ForEach { Copy-Item "c:\AllFilesUniverse\$($_.YourFileName)" f:\SelectedFiles }

We now just have to open Windows PowerShell and execute our command. Pay special attention: for the command to work we should run it from c:\, otherwise we need to give the full path to the CSV file.