2018-12-07
1008
#node
Alberto Gimeno
105
Dec 7, 2018 â‹… 3 min read

How to protect your Node.js applications from malicious dependencies

Alberto Gimeno Ecosystem Engineer at GitHub. Sometimes I write about JavaScript, Node.js, and frontend development.

Recent posts:

axios in javascript

Axios in JavaScript: How to make GET, POST, PUT and DELETE requests

Learn how to use Axios in JavaScript for GET, POST, PUT & DELETE requests. Examine setup, error handling, and API best practices.

Faraz Kelhini
Apr 1, 2025 â‹… 19 min read
how AI is shaping the future of 3D web development

How AI is shaping the future of 3D web development

AI for 3D web development is taking the internet by storm. Learn about this trend, the best tools for 3D web experiences, and how it’ll affect the development landscape moving forward.

Elijah Asaolu
Apr 1, 2025 â‹… 5 min read
docker exit code 1

How to troubleshoot exit code 1 in Docker

exit code 1 is one of the most common and frustrating errors for developers working in Docker. Explore what it means and how to fix it.

Ukeje Goodness
Apr 1, 2025 â‹… 4 min read
axios vs fetch 2025 update

Axios vs. Fetch (2025 update): Which should you use for HTTP requests?

Fetch() is native, but Axios is powerful. Which should you use in 2025? We compare features, error handling, and performance to help you decide.

Faraz Kelhini
Apr 1, 2025 â‹… 13 min read
View all posts

2 Replies to "How to protect your Node.js applications from malicious dependencies"

  1. This method is good for standard methods, but do you know what is a good way to block calls at the system level? When calls reach the v8 engine or uv, it should be able to implement a gating mechanism where the user can be asked consent.
    This model is similar to android apps where we are told the permissions that the app requires in advance, and any additional access is denied till the user explicitly approves it.

  2. I actually created a library that does something very similar to this, but uses a more sensible approach for permissions. It also differentiates between 1st/3rd party code so that your main application doesn’t have to jump through hoops https://github.com/yaakov123/hagana

Leave a Reply