Questions tagged [node.js]
Node.js is an event-based, non-blocking, asynchronous I/O framework that uses Google's V8 JavaScript Engine.
178 questions
1 vote, 2 answers, 100 views
Does npm (Node.js package manager) provide cryptographic authentication and integrity validation?
Does the npm package manager cryptographically validate its payload's authentication and integrity for all packages after downloading them and before installing them?
I see a lot of guides providing ...
-2 votes, 1 answer, 181 views
Freaked out because of powers of Node.js
My friend and I are making games on RPG Maker and sharing them together. He also makes plugins from ChatGPT.
I asked him for a script for a game crash (horror scene) and they asked "can this ...
1 vote, 1 answer, 100 views
Is using req.path as a file path in an Express route vulnerable?
Let's say we have this simple Express application
const express = require('express')
const app = express();
app.get("/public/*", (req, res) => {
res.sendFile(req.path);
});
app....
5 votes, 1 answer, 422 views
How does AWS Lambda support eol node.js versions
AWS Lambda's support for Node.js and Node.js end of life do not coincide, instead AWS Lambda continues to support the runtime for a few months after the official end of life for a specific Node.js ...
1 vote, 1 answer, 99 views
NodeJS 23 on AWS Lightsail
I use NodeJS on AWS Lightsail and want to upgrade to version 23. I have been using a version packaged by bitnami that boasts "security by default", e.g. with some ports closed. It supports ...
1 vote, 1 answer, 144 views
How can authenticity be ensured for Node.js packages when using a public registry like npmjs.com?
I was thinking about how to ensure the authenticity of Node.js packages that are installed from a public registry like npmjs.com. The only mechanisms (optionally) in place to my understanding are:
...
0 votes, 1 answer, 107 views
Running an unknown nodeJS/react app
I made a mistake - I was reached out for work regarding a project. Accidentally built it and ran it locally and it was obviously a bunch of nonsense code designed to look like a normal react project ...
0 votes, 1 answer, 145 views
relation passphrase and password-based key derivation
I am not totally sure how the following concepts are related, could someone please explain?
password-based key derivation
passphrase that can be passed to crypto.generateKeyPairSync (in Node.js)
...