Developer Security
In-depth guides and analysis on developer security from the Safeguard engineering team.
6 articles
Flutter and Dart Dependency Security: A Practical Guide
Flutter apps pull dozens of Dart packages from pub.dev. Most teams never audit them. Here is how to manage dependency security in the Flutter ecosystem without slowing down development.
Deno's Permission-Based Security Model: What It Gets Right and Where It Falls Short
Deno was built with security as a first-class concern, requiring explicit permissions for file, network, and environment access. Here is an honest assessment of what that model delivers in practice.
Svelte and SvelteKit Security Best Practices for Production Apps
Svelte's compile-time approach reduces runtime attack surface, but SvelteKit introduces server-side considerations that require deliberate security attention. A practical guide.
JetBrains Plugin Security Verification: Protecting Your IDE
IDE plugins run with the same privileges as your IDE. A malicious IntelliJ plugin has access to your source code, credentials, and development environment.
Elixir and Hex Package Security: Protecting the BEAM Ecosystem
Elixir's Hex package manager serves a smaller but growing ecosystem. Smaller does not mean safer — here is what Elixir teams need to know about dependency security.
VS Code Extension Marketplace Security: The IDE Supply Chain
VS Code extensions run with the same privileges as your editor — which means full access to your source code, terminal, and credentials. The marketplace security model does not prevent malicious extensions.