
js packages and security

Posted: October 15, 2018 in ECMAScript 6, javascript

Nowadays JavaScript is top of mind for everyone in the digital world. This humble language is something clients and developers follow, and it is the main language for the whole millennial generation of developers.

As JavaScript climbed to the podium of top languages, becoming available on the frontend, on the backend and at app level, package distribution also became a standard.

NPM is the most common package manager used by the JavaScript community. 6 months ago, in a project where security was one of the main concerns, I discovered something I would like to share today.

If packages can be uploaded and modified, it is possible to have security breaches or to introduce attacks via a JS package. Since developers are pulling in JavaScript packages from NPM or other sources, they may also be bringing in security issues.

That's why I decided to write this post: to give you a clue on how to tell whether or not you can trust one or more packages, and to give you a new best practice.

The best way to protect the packages you bring into the project, identified by the package references in the package.json file, is to check for security news about vulnerabilities.

If you are using a version of NPM older than version 6, you should check package security using the following trick.

  1. install the Node Security Platform: ‘npm install -g nsp’
  2. wait for the installation of the package to finish
  3. use ‘nsp check’ to make sure that every module pulled in by a package and referenced in package.json is free of vulnerabilities

If you are using Node 6 or a later version, NSP has become a built-in feature, so you have a new command, ‘npm audit’, that lets you run a security audit.

Running one of these methods should be a recurring task on a JavaScript project, even if you are behind the trenches of a framework (React, Angular, Vue.js).

If you are using a compiler or a DevOps pipeline with an automated process, you should include this validation in the build of the solution.
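
One way to wire that validation into a build, as an added example that is not code from the original post: a Node script that reads a saved `npm audit --json` report and fails the build at a chosen severity. The script name `audit-gate.js`, the sample package names, and the shape of the `error` object are assumptions made for illustration.

```javascript
// Severity order used by npm audit, lowest to highest.
const LEVELS = ['info', 'low', 'moderate', 'high', 'critical'];
// Unknown severities rank above "critical" so the gate fails closed.
const rank = s => (LEVELS.includes(s) ? LEVELS.indexOf(s) : LEVELS.length);

// Normalise both report shapes into [{ name, severity }]:
// npm 6 lists findings under "advisories", npm 7+ under "vulnerabilities".
function findings(report) {
  if (report.advisories) {
    return Object.values(report.advisories)
      .map(a => ({ name: a.module_name, severity: a.severity }));
  }
  return Object.entries(report.vulnerabilities || {})
    .map(([name, v]) => ({ name, severity: v.severity }));
}

// Decide whether the build must fail for the given minimum severity.
function gateAudit(report, threshold = 'high') {
  if (!LEVELS.includes(threshold)) throw new Error(`unknown severity: ${threshold}`);
  // Assumed shape: a failed audit (e.g. no lockfile) emits { error: { code } }.
  // An audit that did not run must never count as a clean audit.
  if (report.error) throw new Error(`audit did not run: ${report.error.code}`);
  const offenders = findings(report)
    .filter(f => rank(f.severity) >= rank(threshold))
    .sort((a, b) => rank(b.severity) - rank(a.severity));
  return { blocked: offenders.length > 0, offenders };
}

// Constructed sample reports (package names are made up).
const NPM6_SAMPLE = { advisories: {
  '1001': { module_name: 'example-parser', severity: 'high' },
  '1002': { module_name: 'example-logger', severity: 'low' } } };
const NPM7_SAMPLE = { vulnerabilities: {
  'example-parser': { severity: 'critical' },
  'example-util': { severity: 'moderate' } } };

// CI use: npm audit --json > audit.json ; node audit-gate.js audit.json high
if (process.argv[2]) {
  const report = JSON.parse(require('fs').readFileSync(process.argv[2], 'utf8'));
  const result = gateAudit(report, process.argv[3]);
  result.offenders.forEach(f => console.error(`${f.severity}: ${f.name}`));
  process.exitCode = result.blocked ? 1 : 0;
} else {
  console.log(gateAudit(NPM6_SAMPLE), gateAudit(NPM7_SAMPLE, 'critical'));
}
```

Saving the report to a file first matters because `npm audit` itself exits non-zero when it finds anything, which would otherwise stop the pipeline before the threshold is applied.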

 

 


Hello Fellows. Happy New Year!

It is true I have been a little quiet in the last months; that is essentially related to the different development projects I have been involved in, and also due to the need for total focus on some technologies I have been digging hard into (FrontEnd, BackEnd and also AI technologies).

One of the things that has taken a great part of my experiments and efforts, in learning, putting into practice and starting to show how to use it and how to start right away, is ECMAScript 6.

Soon you will be able to see some of my work in the mobile apps, IoT and web ecosystem that I have been starting with this new silver-bullet web technology.


You may also share some of my knowledge in some upcoming tech speaking sessions. I will also start to share the deep dives I have made until now.

One of the most important battles today is finding good references, and that is the reason why I am writing to you. Axel Rauschmayer has created one of the first references on this technology that is really worth reading in full; I suggest you take a look at https://leanpub.com/setting-up-es6, which can be an excellent reference. Pairing this reference with https://hacks.mozilla.org/category/es6-in-depth/ can be a great quick start for ES6 at this time.

Good step into the future 🙂