
Book review: Instant Munin Plugin Starter
Reviewing a book about Munin as a monitoring plugin for Nagios
MyISAM or InnoDB? Know how to choose database engines
My GitHub Actions hackathon application entry is about all the small things that would contribute to a better maintainer life.
This is a blog mirror of Snyk’s State of JavaScript frameworks security report 2019.
As a follow-up to Snyk’s State of JavaScript frameworks security report 2019, this section of the report is about Angular and React…
This article is from Snyk’s State of JavaScript frameworks security report 1. In this blog post we’ll review security vulnerabilities…
In the State of Open Source Security Report 2019, we set out to measure the pulse of the open source security landscape throughout the…
Sharing my thoughts and experience on attending JSConf Budapest for the first time
npm security tips to keep you safe from malicious modules
What makes a test case good? How can we improve developer friendliness when writing test code?
June 4th is a historic date where the millionth package was indexed into the npm registry. npm is a package manager for JavaScript packages.
Sometimes, when building an application inside a Docker image, you need secrets such as an SSH private key to pull code from a private repository, but you may be going about it the wrong way by leaking secrets into the image. Here is how to avoid it.
Docker provides two commands for copying files from the host to the Docker image when building it: `COPY` and `ADD`. Which one should you use?
When a Dockerfile doesn't specify a USER directive, what's the worst that can happen?
A malicious version of a Ruby gem used in a Rails application leads to remote code execution on vulnerable servers
It is likely you experienced the painful situation of deploying to production only to find out that an API service you integrate with has…
npm project health assessment
Installing dependencies is not the same for development as it is for continuous integration systems. In this post I share why.
10 awesome npm security tips to keep you safe!
The JSHeroes conference will take place this year in April and bring in people from all over the world to connect with new and old friends…
In an effort to better promote and increase engagement in the Node.js Security WG we would like to share highlights more often, ideally…
Last week the imaginable happened. A malicious package, flatmap-stream, was published to npm and was later added as a dependency to the…
I guess naming is a hard task in general, and for the npm registry, the naming rules have evolved from what they were to begin with, much…
There are several traps that are easy to fall into when it comes to async testing. Moreover, there are several methods of achieving the same…
What if someone was able to directly publish a new vulnerable React version?