This week, the nsp team was focused primarily on improving our backend processes and some automation tools to help us track down those pesky vulnerabilities for you.
Today, the Node Security team is offering a new service called nsp Insider that embeds our security experts in your team’s workflow.
shell-quote is an npm module that allows the user to quote and parse shell commands. This should allow safe use of shell commands, since it should escape all malicious input.
Minimatch (https://github.com/isaacs/minimatch) is a minimal matching utility that works by converting glob expressions into JavaScript RegExp objects.
Express 4.14.0 was just published. With it comes an update that makes defending against Cross-Site Request Forgery (CSRF) easier. This post will give an overview of…
At the end of April, I found a flaw in a module that Express and many other frameworks use. This flaw allows a remote attacker to block the event loop of a remote site, causing a Denial of Service, effectively blocking the site from…