Clean the Modules You Use in Your Code

Instead of developing applications from scratch, we typically integrate existing code and libraries. This is especially common for Node.js applications, since NPM has over 200,000 published packages (and growing!). The fact that there’s a vast library of existing code that can be plugged into any project is one of the things that makes Node.js development fast. However, there’s a security trade-off to the speed and convenience.

The packages in the repository vary greatly in code quality, available documentation, maintenance schedule, and even the language (JavaScript, CoffeeScript, C, C++) used. They are developed and maintained by different teams and individuals, making it difficult to have a consistent ...

Get Secure Your Node.js Web Application now with the O’Reilly learning platform.

O’Reilly members experience live online training, plus books, videos, and digital content from nearly 200 publishers.