If you ever find Server Side Request Forgery (SSRF) in a node.js based application and the app is using the request module you can use a special url format to detect the existence of files / directories.
I’ve learned a long time ago that not all security research pans out with a stack of vulnerabilities but every time I venture down a rabbit hole I learn something along the way. This is one of those times.
The Node Security team is excited to announce version 3.0.0 of the nsp CLI tool.
Get it by running
npm i nsp@next
This release marks the 3rd major iteration of the CLI. While the changes mentioned below may seem minor the entire CLI was…