Slides available on http://asfws12.files.wordpress.com/2012/11/node_security_presentation_v3_asfws.pdf
As listed on slide 35, many features aren’t natively supported by Node. But the package manager npm lets you add them to your installation and also takes care of package dependencies. A vulnerability or backdoor in a popular package may therefore impact the security of many websites. As is often the case, the quality of the modules in the repository varies enormously, which makes reviewing all the dependencies involved tough. Many other vulnerable examples are provided in Sven’s slide set, featuring code you absolutely don’t want to see in any of your production applications.
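An added example, not taken from Sven’s slides or from the original post: a small script that reads a dependency tree in the shape printed by `npm ls --json` and separates the packages you chose yourself from the ones npm pulled in for you, which is the review surface mentioned above. The tree, package names and versions are constructed for illustration.

```javascript
// Constructed sample in the shape printed by `npm ls --json`
// (package names and versions are made up for illustration).
const sampleTree = {
  name: "shop-frontend",
  version: "1.0.0",
  dependencies: {
    "web-framework": {
      version: "3.0.1",
      dependencies: {
        "body-reader": { version: "0.4.2", dependencies: { "tiny-util": { version: "0.1.0" } } },
        "cookie-tool": { version: "0.0.5" }
      }
    },
    "template-engine": { version: "0.28.0", dependencies: { "tiny-util": { version: "0.1.0" } } },
    "db-driver": { version: "1.2.0" }
  }
};

// Walk the tree and record, for every name@version, the shallowest depth
// at which it appears and which direct dependencies pull it in.
function reviewSurface(tree) {
  const seen = new Map();
  function walk(deps, depth, root) {
    for (const [name, info] of Object.entries(deps || {})) {
      const id = `${name}@${info.version}`;
      const via = root || name; // at depth 1 the package is its own root
      const entry = seen.get(id) || { depth, pulledInBy: new Set() };
      entry.depth = Math.min(entry.depth, depth);
      entry.pulledInBy.add(via);
      seen.set(id, entry);
      walk(info.dependencies, depth + 1, via);
    }
  }
  walk(tree.dependencies, 1, null);
  return seen;
}

// Summarise how much code was chosen directly versus inherited, and which
// inherited packages reach the application through more than one path.
function summarize(tree) {
  const all = [...reviewSurface(tree).entries()];
  return {
    direct: all.filter(([, e]) => e.depth === 1).map(([id]) => id).sort(),
    transitive: all.filter(([, e]) => e.depth > 1).map(([id]) => id).sort(),
    shared: all.filter(([, e]) => e.pulledInBy.size > 1).map(([id]) => id).sort()
  };
}

console.log(summarize(sampleTree));
```

Packages listed under `shared` are the ones where a single flaw reaches the application through several of its direct dependencies, so they are a reasonable place to start a review.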