Friday, August 26, 2016

NodeJS Security Considerations

In my previous post I showed how to verify whether our installed node modules are out dated or not. New releases of modules will definitely have fixes for variety of issues. However, that is not enough as a developer. We need to verify whether there are vulnerable code anymore in our modules. Further we need to certify whole lot of dependency tree.
By using npm ls command we can view the dependency tree.
This will show a huge list. To have a graphical view of each module we can use http://npm.anvaka.com/.
In fact, we can not thoroughly look into each and every package for security issues. Therefore we will use a node package for that. Install retire npm package.
Then inside your node project run retire command like below. Then you will see list of vulnerabilities and their vulnerability level.
We can use Node Security Command line tools from https://github.com/nodesecurity/. nsp is the most commonly used module which use an API to check vulnerabilities. First install nsp as a global module.
Then run nsp check command while inside your project.
As a NodeJS developer, we should verify and remove for unused packages in our project. Easiest way is to use depcheck tool. First we need to install it.
Then we can run depcheck command inside our project.

Thursday, August 25, 2016

Useful npm Commands

When you work with npm modules it is always a best practice to install latest packages. Even this will reduce security vulnerabilities of outdated packages.
First I will show package.json file of my older project. In this project I haven't updated npm modules recently.
By running npm outdated command you can have a better idea about your outdated packages.

Monday, August 8, 2016

Basic React Routes

In this post I will demonstrate how to implement basic routes with ReactJS. First install following node dependencies accordingly.
Then add webpack.config.js file and index.html file accordingly. I have already explained above these configurations in my previous ReactJS posts.
Then add Help.js, Home.js, Student.js and StudentDetails.js files.
In Student.js file we can see an import statement of react-router, which will handle routing functionality. This will sync UI with URL by having components associated with routes. Child components make available in parent components by using this.props.childrenLink will generate navigation links accordingly using react-router.
Next will add App.js file. In here, instead of rendering App component to the DOM, we pass Router compoenent with predefined routes. To configure index route, we can use IndexRoute.
Final output will be like below.