lirantal

Affected versions of axios are vulnerable to Denial of Service (DoS) because content continues to be processed from requests even after maxContentLength is exceeded, causing increased I/O and CPU usage.

To minimize exposure, opt-in to create a dedicated user and a dedicated group in the Docker image for the application; use the USER directive in the Dockerfile to ensure the container runs the application with the least privileged access possible.

The Node.js runtime is known to have many strengths, but one of them, the single threaded Event Loop, can also be its weakest link if not used correctly. This happens more regularly than one might think.

Regular expression denial of service (ReDoS) attacks exploit the non-linear worst-case complexity vulnerabilities that some regex patterns can lead to. For a single-threaded runtime this could be devastating, and this is why Node.js is significantly affected by this type of vulnerability.

A Node.js express middleware that implements API versioning for route controllers

I published a thing about Consumer-Driven Contracts testing. Perhaps the most comprehensive guide on integration testing for API microservices in Node.js or in other words - How to avoid the pains of breaking your API for consumers!

Life is good! Or so I thought…
what would have happened had I slipped a change into the project’s package.json file but had forgotten to commit the lockfile along side of it?

A cheat sheet that focuses on npm security and productivity tips for both open source maintainers and developers.

Starting off with classic mistakes such as people adding their passwords to the npm packages they publish, importance of two-factor authentication (2FA), tokens in your CI and the value of running a local npm proxy like Verdaccio

Node.js CLI tool to visualize an aggregate list of your dependencies' licenses

NodeJS JavaScript library to convert unix or linux CRON syntax to Quartz Scheduler