Node.js – WindowsTechs.com

Microsoft Warns of Node.js Abuse for Malware Delivery

Posted on April 16, 2025 by Eduard Kovacs

In the past months Microsoft has seen multiple campaigns involving Node.js to deliver malware and other malicious payloads.
The post Microsoft Warns of Node.js Abuse for Malware Delivery appeared first on SecurityWeek.
Continue reading Microsoft Warns of Node.js Abuse for Malware Delivery→

Security considerations when using Apache with SSL enabled and Node.JS without SSL

Posted on February 19, 2025 by bblizzard

So I have a peculiar setup to work with. The main server is your standard off-the-mill Apache server with SSL enabled bound to a public domain (NOT localhost!). My Node.JS server runs on localhost:8080. They both run on the same machine so… Continue reading Security considerations when using Apache with SSL enabled and Node.JS without SSL→

what is this payload doing? [closed]

Posted on January 9, 2025 by Mike

I received a piece of malicious code in one of the projects I am working on disguised as an empty txt file.
The code I am sharing now was then run in node.js with the function eval().
See flow of actions:
App.js entrypoint upon npm run sta… Continue reading what is this payload doing? [closed]→

implement csrf protection middleware in express framework node js [closed]

Posted on December 20, 2024 by Ashwani Panwar

Does anyone has any refrence/code how to implement csrf protection middleware in express framework node js ?

Continue reading implement csrf protection middleware in express framework node js [closed]→

How does AWS Lambda support eol node.js versions

Posted on November 22, 2024 by ndenarodev

AWS Lambda’s support for Node.js and Node.js end of life do not coincide, instead AWS Lambda continues to support the runtime for a few months after the official end of life for a specific Node.js version. AWS says that they stop providing… Continue reading How does AWS Lambda support eol node.js versions→

NodeJS 23 on AWS Lightsail

Posted on November 4, 2024 by emonigma

I use NodeJS on AWS Lightsail and want to upgrade to version 23. I have been using a version packaged by bitnami that boasts "security by default", e.g. with some ports closed. It supports version 18 of NodeJS, which will reach e… Continue reading NodeJS 23 on AWS Lightsail→

benefit to reading sensitive file chunks via a "middleman" shell script?

Posted on October 20, 2024 by nicholaswmin

tldr: is using a script spawned by my main process, which reads only a chunk of a sensitive file then passing the result to my main process – of any benefit?
in contrast to loading the file in my main process?
background:
I’m building my … Continue reading benefit to reading sensitive file chunks via a "middleman" shell script?→

How can authenticity be ensured for Node.js packages when using a public registry like npmjs.com?

Posted on September 17, 2024 by Bob Ortiz

I was thinking about how to ensure the authenticity of Node.js packages that are installed from a public registry like npmjs.com. The only mechanisms (optionally) in place to my understanding are:

ECDSA registry signatures. Which to my un… Continue reading How can authenticity be ensured for Node.js packages when using a public registry like npmjs.com?→

how to protect a string (secret key) in my env file in node.js project?

Posted on August 19, 2024 by aref razavi

I have a node.js project which implement in nest.js framework.
there is some apiKey and secretKey in my env file, I want to protect these keys from anyone, even host administrator. so I compile my entire project with pkg module to a binary… Continue reading how to protect a string (secret key) in my env file in node.js project?→

Running and unknown nodeJS/react app

Posted on August 8, 2024 by Cody Popham

I made a mistake – i was reached out for work regarding a project. Accidentally built it and ran it locally and it was obviously a bunch of nonsense code designed to look like a normal react project with a million unused dependencies.
What… Continue reading Running and unknown nodeJS/react app→