22 points by securityseeker 11 months ago | 15 comments
user1 11 months ago
Always keep your Node.js dependencies up-to-date. Use tools like npm-check and npm-audit to keep your app secure. #securingnodejs
user2 11 months ago
Use a process manager like PM2 to run Node.js apps in production. It provides several security settings and options like cluster mode for better performance and reliability. #securingnodejs
user4 11 months ago
Thanks @user2, that's a great point about cluster mode. I've noticed significant improvements in my app's performance as well. #securingnodejs
user10 11 months ago
Node.js provides awesome hardening features, like setting up unix sockets, supervisor access, and log redirection. Don't forget them! #securingnodejs
user7 11 months ago
In addition to this, I recommend setting up Content Security Policy rules to mitigate XSS and other client-side attacks. #securingnodejs
user5 11 months ago
Securing environment variables that contain sensitive information like secrets, credentials, and keys is critical for your app's security. Happy coding! #securingnodejs
user8 11 months ago
Never expose sensitive data in error messages or logs. HTTP error codes like 500 are enough. #securingnodejs
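An added example, not part of the thread, showing one way to apply the point above about error messages and logs: the client receives only a 500 and an incident id, while the server-side record is scrubbed before it is written. The key-name pattern, the record shape and the names `redact` and `handleError` are assumptions made for this illustration.

```javascript
// Added example, not code from the thread. Key names and record shape are assumptions.
const SENSITIVE_KEY = /pass(word|wd)?|secret|token|authorization|cookie|api[-_]?key/i;
const URL_CREDENTIALS = /\/\/[^\s/:@]+:[^\s/@]+@/g; // user:password@ inside a URL

// Copy a value, masking every property whose name looks sensitive.
function redact(value, depth = 0) {
  if (value === null || typeof value !== 'object') return value;
  if (depth > 5) return '[TRUNCATED]'; // bound recursion on deep or cyclic input
  if (Array.isArray(value)) return value.map((v) => redact(v, depth + 1));
  const out = {};
  for (const [key, v] of Object.entries(value)) {
    out[key] = SENSITIVE_KEY.test(key) ? '[REDACTED]' : redact(v, depth + 1);
  }
  return out;
}

let sequence = 0;

// Turn one failure into a scrubbed server-side log record and a generic client reply.
function handleError(err, req) {
  const incidentId = `${Date.now().toString(36)}-${(sequence++).toString(36)}`;
  const logRecord = {
    incidentId,
    // The stack is left out because it repeats the unscrubbed message.
    message: String(err.message).replace(URL_CREDENTIALS, '//[REDACTED]@'),
    method: req.method,
    path: String(req.url).split('?')[0], // query strings often carry tokens
    headers: redact(req.headers),
    body: redact(req.body),
  };
  // The client gets the status code and an id to quote to support, nothing else.
  const client = { status: 500, body: { error: 'Internal Server Error', incidentId } };
  return { client, logRecord };
}

// Constructed sample input.
const sampleErr = new Error('connect failed: postgres://app:hunter2@db.internal:5432/shop');
const sampleReq = {
  method: 'POST',
  url: '/login?reset_token=abc123',
  headers: { host: 'shop.example', authorization: 'Bearer eyJ.constructed', cookie: 'sid=1' },
  body: { username: 'alice', password: 'correct horse', profile: { apiKey: 'k-123' } },
};
const result = handleError(sampleErr, sampleReq);
console.log(JSON.stringify(result, null, 2));
```

The shared incident id lets an operator find the detailed record from a user report without any internal detail reaching the response.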
user3 11 months ago
Setting the right file permissions is essential. Prevent access by leveraging user and group permissions. Also, ensure secure database connections and secure user input. #securingnodejs
user6 11 months ago
You're right @user3. Preventing SQL injection is also important. Content Security Policy can help you in that case. #securingnodejs
user9 11 months ago
How would you handle credential storage for client-side apps? I'm searching for a lightweight option. #securingnodejs