How to manage Node.js vulnerabilities [11 of 26] | Node.js for Beginners
Vulnerabilities can be a serious threat to any application. Learn how to assess the risk of your dependencies, and how to fix vulnerabilities in your Node.js applications using the NPM audit tool.
Full “Intro to Node.js” course on Microsoft Learn: https://aka.ms/LearnNode.js
Watch the entire series: https://aka.ms/NodeBeginner
Extra resources:
- NPM audit: https://docs.npmjs.com/auditing-packa…
- Node.js: https://nodejs.org
- Visual Studio Code: https://aka.ms/get/VSCode
- Beginner’s Series to JavaScript: https://aka.ms/JSBeginnerSeries
#NodeJS #Tutorial #Beginners #JavaScript #Express
Content
0 -> [MUSIC]
10.47 -> >> Hello, everyone. I'm Jen Looper.
12.21 -> In this video, we're going to see
13.41 -> how to manage your project vulnerability issues
16.59 -> and how to mitigate them.
18.615 -> Every time you update or install a package,
21.165 -> you'll get a lot of response,
22.589 -> like this one, just after the installation.
25.125 -> This response tells you what version was installed,
27.84 -> and whether there are any vulnerabilities,
29.895 -> and it might look something like what's in my terminal right now.
33.475 -> This log lists the vulnerabilities
35.99 -> with the various severity levels.
37.91 -> If you have any high-level vulnerabilities,
40.4 -> you should generally try to update the package.
42.995 -> If you use the command npm audit,
46.865 -> you can get information about the kinds of vulnerabilities,
50.375 -> which packages are affected,
51.68 -> and how to resolve it.
53.33 -> You can use npm audit fix
56.9 -> to try to resolve the issues by updating your packages
61.1 -> within the allowed version range.
63.19 -> But sometimes, like right here,
65.12 -> it's not quite enough.
66.815 -> If you're okay to accept possible breaking changes,
70.16 -> you can always use npm audit fix with the force flag.
76.465 -> This allows updates outside of your allowed version range,
79.955 -> meaning major version updates, and in that case,
83.225 -> you can see that updating Express to
84.86 -> its latest major version
86.765 -> fixes the issues. npm audit.
89.93 -> How are we doing? Not bad.
93.045 -> But sometimes, that's still not enough
95.195 -> and fixes may not exist at all.
97.42 -> Then deciding if the remaining vulnerabilities
99.815 -> are an issue or not depends on your project,
102.02 -> the kind of possible issues,
103.85 -> and which package is affected.
105.665 -> If it only affects your development dependencies
107.96 -> and not your production dependencies,
109.715 -> that is usually safe.
111.685 -> Keep in mind that vulnerabilities are discovered all the time.
114.915 -> They're so common that GitHub
116.33 -> has implemented a function that scans repos
118.46 -> and automatically creates PRs suggesting that you
121.265 -> upgrade to a safer version if it finds a vulnerability.
124.37 -> A good practice is to run npm audit occasionally
127.31 -> just to keep your code in good condition.
129.685 -> See you in the next videos to learn more about Node.js.
Source: https://www.youtube.com/watch?v=kr9G2UXtOh4