NPM Security best practices from OWASP Cheat Sheet Series
Short list:
1) Avoid publishing secrets to the npm registry
2) Enforce the lockfile
3) Minimize attack surfaces by ignoring run-scripts
4) Assess npm project health
5) Audit for vulnerabilities in open source dependencies
6) Use a local npm proxy
7) Responsibly disclose security vulnerabilities
8) Enable 2FA
9) Use npm author tokens
10) Understand module naming conventions and typosquatting attacks
Also a lot of useful links you can find in Tech Read channel so subscribe and enjoy.
Likes, shares and recommendations are welcome.
#npm #security #owasp
Short list:
1) Avoid publishing secrets to the npm registry
2) Enforce the lockfile
3) Minimize attack surfaces by ignoring run-scripts
4) Assess npm project health
5) Audit for vulnerabilities in open source dependencies
6) Use a local npm proxy
7) Responsibly disclose security vulnerabilities
8) Enable 2FA
9) Use npm author tokens
10) Understand module naming conventions and typosquatting attacks
Also a lot of useful links you can find in Tech Read channel so subscribe and enjoy.
Likes, shares and recommendations are welcome.
#npm #security #owasp
cheatsheetseries.owasp.org
NPM Security - OWASP Cheat Sheet Series
Website with the collection of all the cheat sheets of the project.