
Node.js Has Vulnerabilities

It's fairly esoteric, but if any of the security professionals out there have ever pen tested a JavaScript application, you know just how vulnerable they can be. Node.js is just the shiny new JavaScript framework and the newest heir apparent to jQuery. The problem with Node.js is that in order to write anything in it, you have to import a lot of dependencies. According to Veracode, the average number of inclusions in a single Node.js program is the ungodly number of 377.

With this new vulnerability, if any one of those 377 packages is vulnerable to Hidden Property Abuse, your entire code base may be vulnerable to it. I note this number because experienced, high-quality developers who consistently use a given framework often know which packages, libraries, etc. have issues and avoid them. There is no real way to keep track of 377 different packages on a daily basis without automation.
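As an added example (not code from the original post), the kind of automation meant here can start with the lockfile: the sketch below flattens a `package-lock.json` "packages" map into one record per installed copy, counts direct versus transitive packages, and matches each copy against a watchlist. The package names, versions and the watchlist format are constructed for illustration.

```javascript
// Constructed sample in the package-lock.json "packages" layout (lockfileVersion 2/3).
const sampleLock = {
  name: "demo-app",
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0", dependencies: { "web-lib": "^2.0.0" } },
    "node_modules/web-lib": { version: "2.1.0" },
    "node_modules/web-lib/node_modules/query-parse": { version: "0.9.1" },
    "node_modules/query-parse": { version: "1.4.0" },
    "node_modules/@acme/merge-util": { version: "3.0.2", dev: true },
  },
};

// Hypothetical watchlist: package name -> versions the team has flagged.
const sampleWatchlist = { "query-parse": ["0.9.1"], "@acme/merge-util": ["2.0.0"] };

const MARK = "node_modules/";

// One record per installed copy of a package, including nested duplicates.
function inventory(lock) {
  const root = (lock.packages || {})[""] || {};
  const directNames = new Set([
    ...Object.keys(root.dependencies || {}),
    ...Object.keys(root.devDependencies || {}),
  ]);
  const records = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    const idx = path.lastIndexOf(MARK);
    if (idx === -1 || meta.link) continue; // root project, workspace dirs, symlinks
    const name = path.slice(idx + MARK.length);
    const direct = path === MARK + name && directNames.has(name);
    records.push({ name, version: meta.version, path, direct });
  }
  return records;
}

// Summarise the tree and list every installed copy that matches the watchlist.
function audit(lock, watchlist) {
  const records = inventory(lock);
  const flagged = records.filter((r) =>
    Object.prototype.hasOwnProperty.call(watchlist, r.name) &&
    watchlist[r.name].includes(r.version));
  return {
    total: records.length,
    unique: new Set(records.map((r) => r.name)).size,
    transitive: records.filter((r) => !r.direct).length,
    flagged,
  };
}

console.log(audit(sampleLock, sampleWatchlist));
```

In the sample, the only flagged copy is the nested `query-parse` 0.9.1 pulled in by `web-lib`, while the top-level 1.4.0 copy is clean, which is why the check runs per installed path rather than per package name.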
