Homepage
Open in app
Sign in
Get started
Node Security
NSP has been acquired by npm, Inc. to build a range of security projects to help companies develop JavaScript securely. You can see what we’re up to at npmjs.com and at blog.npmjs.org.
Follow
npm Acquires ^Lift Security and the Node Security Platform
npm Acquires ^Lift Security and the Node Security Platform
Today, we’re excited to announce that npm, Inc. has acquired the team and assets of ^Lift Security, including their work on the Node…
npm, Inc.
Apr 10, 2018
npm Registry Spelunking: Dependencies Referenced by URL
I’ve learned a long time ago that not all security research pans out with a stack of vulnerabilities but every time I venture down a rabbit…
Adam Baldwin
Nov 8, 2017
Announcing nsp 3.0.0
The Node Security team is excited to announce version 3.0.0 of the nsp CLI tool.
Adam Baldwin
Oct 4, 2017
Finding and fixing ReDoS in the hapi framework
Recently a Regular Expression Denial of Service issue was reported on the content repository, a part of the hapi framework. The issue has…
Nathan LaFreniere
Sep 21, 2017
Pull Requests Welcome: We need your help to fix some ReDoS vulnerabilities
Pull Requests Welcome: We need your help to fix some ReDoS vulnerabilities
Recently there were a large number of regular expression denial of service ( ReDoS ) vulnerabilities released to the public via GitHub…
Adam Baldwin
Sep 20, 2017
4 years of Node Security
4 years of Node Security
Today marks the 4th birthday of the Node Security Project. During that time we accomplished a lot, failed more than a few times, and…
Adam Baldwin
Apr 18, 2017
Potential DoS using lodash/underscore collection methods over user inputs
JavaScript is a magical language. Functions are objects, and objects can have new properties added on the fly. Compilers optimize the code…
syrnick
Mar 24, 2017
About Node Security
Latest Stories
Archive
About Medium
Terms
Privacy
Teams