javascript
Safeguard articles tagged "javascript" — guides, analysis, and best practices for software supply chain and application security.
55 articles
Svelte and SvelteKit Security Best Practices for Production Apps
Svelte's compile-time approach reduces runtime attack surface, but SvelteKit introduces server-side considerations that require deliberate security attention. A practical guide.
npm Install Script Security: The Code That Runs Before Your Code
npm install scripts execute arbitrary code during package installation. They are the most exploited vector in JavaScript supply chain attacks.
Malware Analysis Techniques for Suspicious npm Packages
When an npm package looks suspicious, you need a systematic approach to determine if it is malicious. These analysis techniques separate noise from genuine threats.
JavaScript Dependency Security: The Complete Guide
A thorough walkthrough of securing your JavaScript dependency tree, from lockfile hygiene to automated auditing and runtime protections.
npm Lockfile Injection Attacks: How Tampered package-lock.json Files Compromise Builds
Lockfile injection is a subtle supply chain attack where malicious changes to package-lock.json redirect dependency resolution to attacker-controlled packages. Here is how it works and how to detect it.
ESLint Security Rules Configuration: A Practical Guide
ESLint can catch security issues before they reach production. Here is how to configure security-focused rules that actually help without drowning you in noise.
npm Supply Chain Attacks: 2022 Q1 Report
The first quarter of 2022 saw a surge in npm malware — from protestware to dependency confusion to credential-stealing packages. Here's a roundup of the most significant incidents and emerging trends.