Nodebestpractices: 'npm security best practices' is a great source for additional security bullets

Created on 23 Feb 2019  ·  6Comments  ·  Source: goldbergyoni/nodebestpractices

Great article by @lirantal here: "npm security best practices"

Some of the ideas there might be a great addition to our guide, we may include with Credit, what do you think @js-kyle ?

stale

Most helpful comment

I'd be happy if you include credits and reference to the cheat sheet ;-)
@js-kyle if something is unclear or you'd want to consult more you're welcome to tag me

All 6 comments

Amazing work! Yes definitely

I'd be happy if you include credits and reference to the cheat sheet ;-)
@js-kyle if something is unclear or you'd want to consult more you're welcome to tag me

I think 3.Minimize attack surfaces by ignoring run-scripts would be good to add here

@lirantal Wouldn't this (ignore run-scripts) break some packages that rely on scripts?

@js-kyle Maybe bullet number 1 (use .npmignore or files) is less controversial?

@lirantal Wouldn't this (ignore run-scripts) break some packages that rely on scripts?

Yep, and at the same time protect you from evil execution in install phases.

Hello there! 👋
This issue has gone silent. Eerily silent. ⏳
We currently close issues after 100 days of inactivity. It has been 90 days since the last update here.
If needed, you can keep it open by replying here.
Thanks for being a part of the Node.js Best Practices community! 💚

Was this page helpful?
0 / 5 - 0 ratings

Related issues

bikingbadger picture bikingbadger  ·  6Comments

mcollina picture mcollina  ·  3Comments

YukiOta picture YukiOta  ·  3Comments

goldbergyoni picture goldbergyoni  ·  6Comments

noway picture noway  ·  3Comments