Book Image

Node Cookbook - Third Edition

By : Matteo Collina, David Mark Clements, Elger, Mathias Buus Madsen
Book Image

Node Cookbook - Third Edition

By: Matteo Collina, David Mark Clements, Elger, Mathias Buus Madsen

Overview of this book

Today's web demands efficient real-time applications and scalability. Asynchronous event-driven programming is ideal for this, and this is where Node.js comes in. Server-side JavaScript has been here since the 90s, but Node got it right. With Node for tooling and server-side logic, and a browser-based client-side UI, everything is JavaScript. This leads to rapid, fluid development cycles. The full-stack, single language experience means less context-switching between languages for developers, architects and whole teams. This book shows you how to build fast, efficient, and scalable client-server solutions using the latest versions of Node. The book begins with debugging tips and tricks of the trade, and how to write your own modules. Then you'll learn the fundamentals of streams in Node.js, discover I/O control, and how to implement the different web protocols. You'll find recipes for integrating databases such as MongoDB, MySQL/MariaDB, Postgres, Redis, and LevelDB. We also cover the options for building web application with Express, Hapi and Koa. You will then learn about security essentials in Node.js and advanced optimization tools and techniques. By the end of the book you will have acquired the level of expertise to build production-ready and scalable Node.js systems. The techniques and skills you will learn in this book are based on the best practices developed by nearForm, one of the leaders in Node implementations, who supported the work of the authors on this book.
Table of Contents (12 chapters)

Detecting dependency vulnerabilities

Thanks to the wealth of modules on npm, we're able to mostly focus on application logic, relying on the ecosystem for canned solutions. This does, however, lead to large dependency trees and security vulnerabilities can be discovered at any time, even for the most conscientious, mature, and popular modules and frameworks.

In this recipe, we will demonstrate how to detect vulnerabilities in a project's dependency tree.

Getting ready

We'll create a folder called app, initialize it as a package, and install express:

$ mkdir app
$ cd app
$ npm init -y
$ npm install express

We don't need to add any of our own code since we're only checking dependencies.

...