Dec 18, 2018

Mike Samuels

Hardening NodeJS


Speaking engagement talks:

A Node.js Security Roadmap at -

Improving Security by Improving the Framework @ Node Summit -

Achieving Secure Software through Redesign at Nordic.js -

What is a package: (holy hell, why is this so complicated?)


A package is any of:

  a) a folder containing a program described by a package.json file
  b) a gzipped tarball containing (a)
  c) a url that resolves to (b)
  d) a <name>@<version> that is published on the registry with (c)
  e) a <name>@<tag> that points to (d)
  f) a <name> that has a latest tag satisfying (e)
  g) a git url that, when cloned, results in (a).
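
The seven forms above, as a small classifier. This is an added example, not code from the talks or from npm: the function names, the regular expressions and the sample specifiers are constructed here, and it is a simplification that returns null for inputs such as semver ranges, aliases and GitHub shorthand. It also picks out the forms that name a package by location (path, URL or git remote) rather than by a registry name.

```javascript
// Added example: simplified classifier for the package forms (a)-(g).
// Not npm's resolver; unsupported inputs (ranges, aliases, shorthand) give null.
const NAME = /^(@[a-z0-9~-][a-z0-9._~-]*\/)?[a-z0-9~-][a-z0-9._~-]*$/;
const EXACT_VERSION = /^v?\d+\.\d+\.\d+(-[0-9A-Za-z.-]+)?(\+[0-9A-Za-z.-]+)?$/;
const TARBALL = /\.(tgz|tar\.gz|tar)$/i;
const TAG = /^[A-Za-z][\w.-]*$/;

function classify(spec) {
  // Location-based forms are checked first, most specific prefix first.
  if (/^(git\+[a-z]+:\/\/|git:\/\/)/i.test(spec)) return 'g'; // git url
  if (/^https?:\/\//i.test(spec)) return 'c';                 // url to a tarball
  if (TARBALL.test(spec)) return 'b';                         // local tarball
  if (/^(file:|\.{1,2}\/|\/|~\/)/.test(spec)) return 'a';     // local folder

  // Registry forms: split on the '@' that follows the name,
  // skipping the leading '@' of a scoped name.
  const at = spec.indexOf('@', 1);
  const name = at === -1 ? spec : spec.slice(0, at);
  if (!NAME.test(name)) return null;
  if (at === -1) return 'f';                                  // <name>
  const selector = spec.slice(at + 1);
  if (EXACT_VERSION.test(selector)) return 'd';               // <name>@<version>
  if (TAG.test(selector)) return 'e';                         // <name>@<tag>
  return null;                                                // e.g. a semver range
}

// Forms that identify a package by where it lives, not by a registry name.
const BY_LOCATION = new Set(['a', 'b', 'c', 'g']);
function namedByLocation(specs) {
  return specs.filter((s) => BY_LOCATION.has(classify(s)));
}

// Constructed sample specifiers, one per form plus one unsupported range.
const SAMPLE_SPECS = [
  './vendor/lib',
  './dist/lib-1.0.0.tgz',
  'https://example.com/lib-1.0.0.tgz',
  'lodash@4.17.21',
  '@scope/pkg@next',
  'express',
  'git+https://example.com/org/repo.git',
  'lodash@^4.17.0',
];
for (const s of SAMPLE_SPECS) console.log(classify(s), s);
```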