Safeguard
Tag

javascript

Safeguard articles tagged "javascript" — guides, analysis, and best practices for software supply chain and application security.

55 articles

Developer Security

Svelte and SvelteKit Security Best Practices for Production Apps

Svelte's compile-time approach reduces runtime attack surface, but SvelteKit introduces server-side considerations that require deliberate security attention. A practical guide.

Jul 18, 20236 min read
Software Supply Chain Security

npm Install Script Security: The Code That Runs Before Your Code

npm install scripts execute arbitrary code during package installation. They are the most exploited vector in JavaScript supply chain attacks.

Jun 2, 20234 min read
Software Supply Chain Security

Malware Analysis Techniques for Suspicious npm Packages

When an npm package looks suspicious, you need a systematic approach to determine if it is malicious. These analysis techniques separate noise from genuine threats.

May 15, 20236 min read
Dependency Security

JavaScript Dependency Security: The Complete Guide

A thorough walkthrough of securing your JavaScript dependency tree, from lockfile hygiene to automated auditing and runtime protections.

Jul 12, 20226 min read
Software Supply Chain Security

npm Lockfile Injection Attacks: How Tampered package-lock.json Files Compromise Builds

Lockfile injection is a subtle supply chain attack where malicious changes to package-lock.json redirect dependency resolution to attacker-controlled packages. Here is how it works and how to detect it.

Jul 5, 20225 min read
DevSecOps

ESLint Security Rules Configuration: A Practical Guide

ESLint can catch security issues before they reach production. Here is how to configure security-focused rules that actually help without drowning you in noise.

Jun 20, 20225 min read
Supply Chain Attacks

npm Supply Chain Attacks: 2022 Q1 Report

The first quarter of 2022 saw a surge in npm malware — from protestware to dependency confusion to credential-stealing packages. Here's a roundup of the most significant incidents and emerging trends.

Apr 20, 20225 min read
javascript (Page 5) — Safeguard Blog