npm and security, how much do you know about your dependencies? Hack-along, live hacking of a vulnerable Node app https://github.com/snyk-labs/nodejs-goof, Vulnerabilities from both Open source and written code. Encouraged to download the application and hack along with us.

Fixing the issues and an introduction to Snyk with a demo.

Open questions.

Video: https://vimeo.com/726670320
Summary: This Workshop on Open Source and Security covers topics such as the use of open source packages in JavaScript, the risks and vulnerabilities associated with open source, and real-world examples of vulnerabilities and exploits. It emphasizes the importance of promptly addressing vulnerabilities and provides insights into fixing vulnerabilities using tools like Snyk. The Workshop also discusses best practices for package maintenance, triaging vulnerabilities, and integrating security measures into software development pipelines.
Speaker: Matthew Salmon (Snyk)
Event: JSNation 2022 (https://jsnation.com), 2022-06-16 to 2022-06-20
Tags: javascript, node.js, npm, security, case study

Bring Code Quality and Security to your CI/CD pipeline

In this workshop we will go through all the aspects and stages when integrating your project into Code Quality and Security Ecosystem. We will take a simple web-application as a starting point and create a CI pipeline triggering code quality monitoring for it. We will do a full development cycle starting from coding in the IDE and opening a Pull Request and I will show you how you can control the quality at those stages. At the end of the workshop you will be ready to enable such integration for your own projects.

Video: https://vimeo.com/692654692
Published: 2022-03-29
Summary: The Workshop introduces Sonar products for code quality and security, including SonarLint, SonarQube, and SonarCloud. It covers setting up SonarLint, configuring rules in SonarCloud, and connecting SonarLint to SonarCloud. The Workshop also explains how to configure GitHub Actions for running tests and generating coverage, and how to use SonarCloud's quality gate and new code analysis. SonarCloud supports multiple languages and platforms and has a strong community support system.
Speaker: Elena Vilchik (Sonar), Software Engineer at Sonar, Switzerland
Event: DevOps.js Conf 2022 (https://devopsjsconf.com), 2022-03-24 to 2022-03-25
Tags: code quality, ci cd, security