2018-12-07
1008
#node
Alberto Gimeno
105
Dec 7, 2018 â‹… 3 min read

How to protect your Node.js applications from malicious dependencies

Alberto Gimeno Ecosystem Engineer at GitHub. Sometimes I write about JavaScript, Node.js, and frontend development.

Recent posts:

CSS logo in front of pile of green matcha tea, which represents the matcha.css library discussed in this article.

How to style HTML with matcha.css

Matcha, a famous green tea, is known for its stress-reducing benefits. I wouldn’t claim that this tea necessarily inspired the […]

Emmanuel Odioko
Oct 7, 2024 â‹… 10 min read
CSS typography in white on a vibrant red geometric background. Article will focus on the CSS backdrop-filter property and its various functions, including blur, grayscale, brightness, and drop-shadow.

How to use the CSS backdrop-filter property

Backdrop and background have similar meanings, as they both refer to the area behind something. The main difference is that […]

Oscar Jite-Orimiono
Oct 4, 2024 â‹… 10 min read
6 AI Tools For API Testing And Development

6 AI tools for API testing and development

AI tools like IBM API Connect and Postbot can streamline writing and executing API tests and guard against AI hallucinations or other complications.

Frank Joseph
Oct 3, 2024 â‹… 12 min read
Patterns For Efficient DOM Manipulation With Vanilla JavaScript

Patterns for efficient DOM manipulation with vanilla JavaScript

Explore DOM manipulation patterns in JavaScript, such as choosing the right querySelector, caching elements, improving event handling, and more.

Joe Attardi
Oct 2, 2024 â‹… 8 min read
View all posts

2 Replies to "How to protect your Node.js applications from malicious dependencies"

  1. This method is good for standard methods, but do you know what is a good way to block calls at the system level? When calls reach the v8 engine or uv, it should be able to implement a gating mechanism where the user can be asked consent.
    This model is similar to android apps where we are told the permissions that the app requires in advance, and any additional access is denied till the user explicitly approves it.

  2. I actually created a library that does something very similar to this, but uses a more sensible approach for permissions. It also differentiates between 1st/3rd party code so that your main application doesn’t have to jump through hoops https://github.com/yaakov123/hagana

Leave a Reply