Collaborate Disseminate
I use NodeJS on AWS Lightsail and want to upgrade to version 23. I have been using a version packaged by bitnami that boasts "security by default", e.g. with some ports closed. It supports version 18 of NodeJS, which will reach e… Continue reading NodeJS 23 on AWS Lightsail
tldr: is using a script spawned by my main process, which reads only a chunk of a sensitive file then passing the result to my main process – of any benefit?
in contrast to loading the file in my main process?
background:
I’m building my … Continue reading benefit to reading sensitive file chunks via a "middleman" shell script?
I was thinking about how to ensure the authenticity of Node.js packages that are installed from a public registry like npmjs.com. The only mechanisms (optionally) in place to my understanding are:
ECDSA registry signatures. Which to my un… Continue reading How can authenticity be ensured for Node.js packages when using a public registry like npmjs.com?
I have a node.js project which implement in nest.js framework.
there is some apiKey and secretKey in my env file, I want to protect these keys from anyone, even host administrator. so I compile my entire project with pkg module to a binary… Continue reading how to protect a string (secret key) in my env file in node.js project?
I made a mistake – i was reached out for work regarding a project. Accidentally built it and ran it locally and it was obviously a bunch of nonsense code designed to look like a normal react project with a million unused dependencies.
What… Continue reading Running and unknown nodeJS/react app
I know math.random() in javascript can be predicted if you know the exact outputs of it, but if I only know what it gives after doing math.floor(100 / (1.0001 – Math.random())), how would I use this to predict the next number?
The Russia-based cybercrime group dubbed “Fin7,” known for phishing and malware attacks that have cost victim organizations an estimated $3 billion in losses since 2013, was declared dead last year by U.S. authorities. But experts say Fin7 has roared back to life in 2024 — setting up thousands of websites mimicking a range of media and technology companies — with the help of Stark Industries Solutions, a sprawling hosting provider is a persistent source of cyberattacks against enemies of Russia. Continue reading The Stark Truth Behind the Resurgence of Russia’s Fin7
The path is C:\Users\mante\AppData\Roaming\Java\jre8\bin
I’m cautious because a day before I noticed this, Windows Defender detected a trojan.
I admit that before this I never paid attention to the task manager, I only open it if a browser… Continue reading node.js:server-side javascript running in task manager, malware or legit? [closed]
I am not totally sure how the following concepts are related, could someone please explain?
password-based key derivation
passphrase that can be passed to crypto.generateKeyPairSync (in Node.js)
PBKDF2
I am creating a simple chat applica… Continue reading relation passphrase and password-based key derivation
I am attempting to perform an XSS attack on my server and have successfully bypassed the CSP. In my server code, I store all users in the following manner:
.get("/users", adminReq, (req, res) => {
…
})
Due to the adm… Continue reading Overcoming Middleware: Exploiting XSS to Retrieve Data