Did you hear about the malicious backdoor discovered in the popular bootstrap-sass Ruby gem?
A malicious version of a Ruby gem used in a Rails application leads to remote code execution on vulnerable servers
It is likely you experienced the painful situation of deploying to production only to find out that an API service you integrate with has…
npm project health assessment
Installing dependencies is not the same for development as it is for continuous integration systems; in this post I share why.
10 awesome npm security tips to keep you safe!
The JSHeroes conference will take place this year in April and bring in people from all over the world to connect with new and old friends…
In an effort to better promote and increase engagement in the Node.js Security WG we would like to share highlights more often, ideally…
Last week the imaginable happened. A malicious package, flatmap-stream, was published to npm and was later added as a dependency to the…
I guess naming is a hard task in general, and for the npm registry, the naming rules have evolved from what they were to begin with, much…
There are several traps that are easy to fall into when it comes to async testing. Moreover, there are several methods of achieving the same…
What if someone was able to directly publish a new vulnerable React version?
Let's assume you are tasked with hiring a VP Engineering for a relatively small team, say 10 engineers, which is on a growth trend as the company gets bigger.
Oh yes. The Developer Experience with Jest is transforming the act of writing tests from a chore to a hell of a fun time, promise! 🤓
We had Tape, Mocha, Ava, and now Jest. Let’s see what this is all about!
In this post I would like to acquaint you with the work being done by the Node.js Security Working Group (WG) and how we’re improving the…
The use of Regular Expressions (RegEx) is quite common among software engineers and DevOps or IT roles where they specify a string pattern…
Side projects are an amazing thing. We learn, experiment, and collaborate with the world through them.
A crucial part of being an engineering manager is on-boarding to a new team, or on-boarding others to yours. The important bits there are…
In a previous article we reviewed how Consumer-Driven Contracts (CDC) help with integration testing in an environment that is rich with…
Dedicated to everyone who, like me, is a helpless romantic, hopelessly in love with their Node.js apps.
So you too panicked over security in the npm repository due to a recent blog post?
I like mocha just like the next guy, but sometimes it’s time to move on. We’re talking about iced coffee, right?
This is a story of patience in Open Source, where every bug, every Pull-Request gets attention.
Many jumped the gun on microservices, and they are ubiquitous today more than ever for implementing service oriented architectures…