#node
Alberto Gimeno
Dec 7, 2018 ⋅ 3 min read

How to protect your Node.js applications from malicious dependencies

Alberto Gimeno: Ecosystem Engineer at GitHub. Sometimes I write about JavaScript, Node.js, and frontend development.


2 Replies to "How to protect your Node.js applications from malicious dependencies"

  1. This method is good for standard methods, but do you know a good way to block calls at the system level? When calls reach the V8 engine or libuv, it should be possible to implement a gating mechanism where the user can be asked for consent.
    This model is similar to Android apps, where we are told in advance which permissions the app requires, and any additional access is denied until the user explicitly approves it.

  2. I actually created a library that does something very similar to this, but uses a more sensible approach for permissions. It also differentiates between first-party and third-party code so that your main application doesn't have to jump through hoops: https://github.com/yaakov123/hagana
