{"id":13797393,"url":"https://github.com/wahengchang/nodejs-security-must-know","last_synced_at":"2026-03-05T08:02:32.791Z","repository":{"id":84319821,"uuid":"90710522","full_name":"wahengchang/nodejs-security-must-know","owner":"wahengchang","description":"It is a note about security on nodejs","archived":false,"fork":false,"pushed_at":"2018-07-16T05:44:24.000Z","size":11,"stargazers_count":48,"open_issues_count":0,"forks_count":12,"subscribers_count":5,"default_branch":"master","last_synced_at":"2025-04-11T03:32:54.128Z","etag":null,"topics":["command","injection","node","nodejs","security"],"latest_commit_sha":null,"homepage":null,"language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/wahengchang.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null}},"created_at":"2017-05-09T06:30:42.000Z","updated_at":"2024-10-22T12:09:52.000Z","dependencies_parsed_at":"2024-01-07T06:49:41.103Z","dependency_job_id":null,"html_url":"https://github.com/wahengchang/nodejs-security-must-know","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/wahengchang/nodejs-security-must-know","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/wahengchang%2Fnodejs-security-must-know","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/wahengchang%2Fnodejs-security-must-know/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/wahengchang%2Fnodejs-security-must-know/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/wahengchang%2Fnodejs-securit
y-must-know/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/wahengchang","download_url":"https://codeload.github.com/wahengchang/nodejs-security-must-know/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/wahengchang%2Fnodejs-security-must-know/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":30115662,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-03-05T03:40:26.266Z","status":"ssl_error","status_checked_at":"2026-03-05T03:39:15.902Z","response_time":93,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["command","injection","node","nodejs","security"],"created_at":"2024-08-03T23:01:29.666Z","updated_at":"2026-03-05T08:02:32.755Z","avatar_url":"https://github.com/wahengchang.png","language":"JavaScript","funding_links":[],"categories":["\u003ca id=\"9f9fed5b730bc5bfceaaf77da3aa719e\"\u003e\u003c/a\u003e笔记\u0026\u0026文章\u0026\u0026教程"],"sub_categories":[],"readme":"# Nodejs security must know\nThis is a note about Node.js security, by reading the amazing book __*Securing Node Applications*__ by @ChetanKarade, which explains a couple of common vulnerabilities in a very simple way, and provides relevant npm modules as solutions to protect Node.js Web Apps.\n\nThe rate of security incidents is on the rise. Based on 
the analysis of 64,199 security incidents and 2,260 breaches in 2015, the Verizon Data Breach Investigations Report reported that the top 10 vulnerabilities accounted for 85 percent of these successful exploits. \n\n## Content\n - Command Injection : [more](https://github.com/wahengchang/nodejs-security-must-know/tree/master/command_injection)\n - Broken Authentication : [more](https://github.com/wahengchang/nodejs-security-must-know/tree/master/broken_authentication)\n - Cross-Site Scripting : [more](https://github.com/wahengchang/nodejs-security-must-know/tree/master/cross_site_scriptingg)\n - Insecure Direct Object References : [more](https://github.com/wahengchang/nodejs-security-must-know/tree/master/direct_object_reference)\n\n## Remark\n - hijack\n - exploit\n - vulnerable\n\n# Reference:\n[OWASP](https://www.owasp.org/index.php/Main_Page)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fwahengchang%2Fnodejs-security-must-know","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fwahengchang%2Fnodejs-security-must-know","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fwahengchang%2Fnodejs-security-must-know/lists"}