Here's @[email protected]'s talk, Property Descriptors, Getters/Setters, and Proxies, given at Node Summit 2018: nodesummit.com/prior-video/no… #NodeJS #JavaScript

In this post we finally debut some of the awesome capabilities Intrinsic offers when it comes to securing #NodeJS applications! medium.com/intrinsic/secu… #JavaScript #security

"The typical #nodejs app is about 95% third party modules. Scrutinizing every line of third party code simply isn’t a realistic way of protecting yourself from these threats, which is why Intrinsic is here to protect you." - via @[email protected] medium.com/intrinsic/secu…

This just in: We are very excited to partner with Netlify to offer their enterprise customers advanced runtime security for Netlify Functions. Automatically protect your code against the worst type of attacks! Sign up for the beta: netlify.com/blog/2018/10/1…

“Intrinsic is the best way to secure your Node.js Lambda functions, period.” — says Matthew Self of BoxHQ That's why we're working with Intrinsic to bring greater security to #serverless functions. More on this from David Wells on the @netlify blog: netlify.com/blog/2018/10/1…

Netlify Functions makes working with #serverless easier than ever before. netlify.com/features/funct… And now, thanks to a partnership with Intrinsic, our enterprise customers get greater protection against dependency hijacking and supply-chain attacks. netlify.com/blog/2018/10/1…

Read about how Intrinsic are helping us to offer greater protection against dependency hijacking and supply-chain attacks in your #serverless functions. netlify.com/blog/2018/10/1… ✍️ You can also sign up for early access to the beta!

👀

An NPM package with 2,000,000 weekly downloads had malicious code injected into it. No one knows what the malicious code does yet. github.com/dominictarr/ev…

Exactly! This is what we do for Node.js!

Our deep dive on the compromised event-stream package medium.com/intrinsic/comp… #npm #vulnerabilities #security

Our very own @[email protected] participated in a podcast this morning on the recent npm event-stream package incident: soundcloud.com/owasp-podcast/…

Rhys Arkins Renovate Bot Github diffs are useless from a security perspective. It's gotta be an npm diff, and you should be suspicious if the package is bundled before publish. Bundling should be on the package consumer

Do you maintain a #JavaScript library? Have a look at "Protecting your JavaScript APIs". Is your library resilient to each of the outlined attacks? medium.com/intrinsic/prot…

I loved working with Eran Hammer on a prototype pollution attack that can impact Node applications: github.com/hapijs/hapi/is… < Check it out.

Introducing Package Diff: A service for displaying a diff between two versions of an npm package: medium.com/intrinsic/intr… This tool was inspired by Mikeal Rogers. #nodejs

Symbols bring a few benefits to #JavaScript and are particularly useful when used as object properties. But, what can they do for us that strings cannot? And why don't they come with the same guarantees in #NodeJS? medium.com/intrinsic/java…

Why should I use a Reverse Proxy if #NodeJS is Production-Ready? medium.com/intrinsic/why-…

See @[email protected] at our Meetup in San Francisco Capital One on April 4th, 6:30 pm Talk is "Real World Attacks in the npm Ecosystem" read about it here... bit.ly/2Oy6DID