The NodeSource Blog

The State of Node.js Security in 2017

We recently partnered up with Sqreen on a Node.js security survey. We were excited to have the opportunity to put our heads together and pose the questions that we’ve seen come up time and again around Node.js and security - one of the most overlooked parts of a Node.js application’s journey.

The survey is now complete, and we’ve tallied all the responses, with some interesting results:

Highlights from The State of Security for Node.js Developers

  • Only 31% of respondents are confident that their code doesn’t contain vulnerabilities.
  • An impressive 84% of respondents feel that Node.js core is secure.
  • Despite that, only 16% of respondents are confident that their third-party dependencies are vulnerability-free.
  • 40% of respondents don’t review their modules for known vulnerabilities at all, while 44% only manually review their own code for vulnerabilities.
  • A worrisome 35% of respondents weren’t sure how to identify an attack as it’s happening.

If you’d like to see the full set of data, be sure to check out the full infographic!


Cover Your Apps with Certified Modules and N|Solid

At NodeSource, addressing the consistent issues around Node.js and security is our number one focus. To address the needs of the enterprise and the inexperience many teams have with Node.js and security best practices, we’ve built both of our products to help: N|Solid, a drop-in replacement for the Node.js runtime, and Certified Modules, an added layer of assurance around the module ecosystem.

If you’re concerned about security with Node.js, be sure to check out both N|Solid and Certified Modules - and always feel free to get in touch if you’ve got any questions.