How Maintainer Burnout Is Causing a Kubernetes Security Disaster (the) Sep 11, 2025 413 kubernetes, maintenance, foss, economics
npm Author Qix Compromised via Phishing Email in Major Supply Chain Attack (bur+/soc) Sep 8, 2025 412 npm, dependencies
Anatomy of a Billion-Download npm Supply-Chain Attack Sep 8, 2025 411 npm, dependencies
Why You Absolutely Need to Have Automated Dependency Management in Place (j9t) Aug 28, 2025 410 dependencies, maintainability, maintenance, automation, tooling
What Your Website’s Style Says About You—and How Hackers Can Use It Against You (err) Aug 1, 2025 409 css, javascript
Hardening Node.js Apps in Production: 8 Layers of Practical Security Jul 29, 2025 408 nodejs, best-practices
eslint-config-prettier Compromised: How npm Package With 30 Million Downloads Spread Malware Jul 21, 2025 407 prettier, eslint, npm, malware
npm Phishing Email Targets Developers With Typosquatted Domain (sar/soc) Jul 18, 2025 406 npm
AI Agents Are Creating a New Security Nightmare for Enterprises and Startups (the) Jul 18, 2025 405 ai, apis
Tuesday, July 15, 2025 Security Releases (nod) Jul 15, 2025 404 release-notes, nodejs
Contagious Interview Campaign Escalates With 67 Malicious npm Packages and New Malware Loader (soc) Jul 14, 2025 403 npm, dependencies
MCP Security Vulnerabilities and Attack Vectors Jun 27, 2025 402 mcp, ai
A New Era of Code Quality Jun 24, 2025 401 quality
JWTs Are Not Session Tokens, Stop Using Them Like One Jun 21, 2025 400 json-web-tokens, authentication
The Growing Risk of Malicious Browser Extensions (soc) Jun 13, 2025 399 browser-extensions
Design Patterns for Securing LLM Agents Against Prompt Injections (sim) Jun 13, 2025 398 studies, research, ai, prompting, software-design-patterns
HTML Spec Change: Escaping “<” and “>” in Attributes (sec/dev) Jun 12, 2025 397 html, attributes, escaping, xss
Escaping “<” and “>” in Attributes—How It Helps Protect Against Mutation XSS (sec) Jun 12, 2025 396 html, attributes, xss, escaping, chrome, google, browsers
Beware of End-of-Life Node.js Versions—Upgrade or Seek Post-EOL Support (mco/nod) Jun 6, 2025 395 nodejs, maintenance
How to Access Local MCP Servers Through a Secure Tunnel (the) Jun 5, 2025 394 how-tos, mcp, ai, servers, network
Docker Launches Hardened Images, Intensifying Secure Container Market (the) May 19, 2025 393 docker
Modernizing Security May 17, 2025 392 modernization, processes
Securing Your Node.js App From Command Injection May 14, 2025 391 nodejs
Passkeys for Normal People (tro) May 5, 2025 390 authentication, passkeys, examples, concepts
npm Targeted by Malware Campaign Mimicking Familiar Library Names (soc) May 2, 2025 389 npm, malware, dependencies, link-lists
Threat Actors Misuse Node.js to Deliver Malware and Other Malicious Payloads (mic) Apr 15, 2025 388 nodejs, malware
Principles for Coding Securely With LLMs Apr 15, 2025 387 ai, principles
TLS Certificate Lifetimes Will Officially Reduce to 47 Days Apr 14, 2025 386 tls, certificates
LLMs Can’t Stop Making Up Software Dependencies and Sabotaging Everything (tho/the) Apr 12, 2025 385 ai, dependencies
Secure a Vue App With OpenID Connect and the BFF Pattern (due) Apr 9, 2025 384 vuejs, authentication, backend-for-frontend
Teaching Code in the AI Era: Why Fundamentals Still Matter (ali) Apr 4, 2025 383 training, ai, programming, vibe-coding, scalability, performance, quality, testing, documentation
Stop Using Jenkins in 2025 (oso) Apr 1, 2025 382 jenkins, github-actions, ci-cd
Node.js Test CI Security Incident (nod) Mar 31, 2025 381 nodejs, retrospectives
Website Hijack Campaign Now Impacting 150,000 Sites (gad) Mar 27, 2025 380
Malware Found on npm Infecting Local Package With Reverse Shell (rev) Mar 26, 2025 379 npm, dependencies
Five Things Vibe Coders Should Know (From a Software Engineer) (uxd) Mar 20, 2025 378 vibe-coding, sanitization
GitHub Suffers a Cascading Supply Chain Attack Compromising CI/CD Secrets (inf) Mar 19, 2025 377 github, ci-cd
How to Prevent WordPress SQL Injection Attacks (sma) Mar 13, 2025 376 how-tos, wordpress, sql, databases
Lazarus Strikes npm Again With New Wave of Malicious Packages (soc) Mar 10, 2025 375 npm, dependencies
What Is the OWASP Top 10 and How Can Your Team Benchmark Security? (jet) Mar 7, 2025 374 owasp, vulnerabilities, qodana, jetbrains
Updates on CVE for End-of-Life Versions (raf/nod) Mar 7, 2025 373 nodejs
How to Protect Your Web Applications From XSS (tor/w3c) Mar 6, 2025 372 how-tos, web-apps, xss
Secure UX: Building Cybersecurity and Privacy Into the UX Lifecycle (uxm) Mar 3, 2025 371 user-experience, processes
The Fallacy of Balance: Challenging the Notion of Security and Accessibility as Opposing Objectives (deq) Feb 26, 2025 370 videos, accessibility
It Is No Longer Safe to Move Our Governments and Societies to U.S. Clouds (ber) Feb 23, 2025 369 cloud-computing, privacy, legal
How OWASP Helps You Secure Your Full-Stack Web Applications (eri/sma) Feb 18, 2025 368 owasp, monitoring, authentication, vulnerabilities, configuration, csrf, cryptography, authorization
10 Common Web Development Mistakes to Avoid Right Now Feb 17, 2025 367 mistakes, mobile, performance, accessibility, seo, navigation, analytics, testing
Tightening Every Bolt (bag) Feb 8, 2025 366 videos, processes, code-reviews, testing
On Generative AI Security (sch) Feb 5, 2025 365 ai, lessons, microsoft
Understanding CORS Errors in Signed Exchanges (paw) Jan 31, 2025 364 cors, errors, signed-exchanges
Keep Your Node.js Apps Secure With “npx is-my-node-vulnerable” (tre) Jan 29, 2025 363 packages, npm, nodejs
Node.js EOL Versions CVE Dubbed the “Worst CVE of the Year” by Security Experts (sar/soc) Jan 24, 2025 362 nodejs, documentation
How I Open-Sourced My Secret Access Tokens From GitHub, Slack, and npm—and Who Actually Cares Jan 24, 2025 361 github, slack, npm
Tuesday, January 21, 2025 Security Releases (raf/nod) Jan 21, 2025 360 release-notes, nodejs
APIs Are Quickly Becoming the Latest Security Battleground (and Nightmare) (the) Jan 14, 2025 359 apis
CDN-First Is No Longer a Performance Feature (osv) Jan 12, 2025 358 content-delivery, performance, caching, embed-code, privacy
The Cyber-Cleanse: Take Back Your Digital Footprint (cyb) Jan 1, 2025 357 privacy
15 Principles for Secure Programming (rak) Dec 23, 2024 356 principles, validation, testing
Important Topics for Frontend Developers to Master in 2025 Dec 21, 2024 355 learning, javascript, typescript, css, frameworks, git, apis, testing, performance, ci-cd, websockets
How to Automate OWASP Security Reviews in Your Pull Requests? (cod) Dec 16, 2024 354 how-tos, owasp, automation, code-reviews, coderabbit
Developer Guide: How to Implement Passkeys Dec 16, 2024 353 guides, how-tos, authentication, passkeys
5 Technical Trends to Help Web Developers Stand Out in 2025 (the) Dec 10, 2024 352 trends, career, javascript, ai, low-and-no-code
Avoid Hotlinking Images With “Cross-Origin-Resource-Policy” Nov 27, 2024 351 images
Content Security Policy Level 3 (mik/w3c) Nov 22, 2024 350 standards, csp
Security (htt) Nov 11, 2024 349 web-almanac, studies, research, metrics
JavaScript Import Attributes (ES2025) (tre) Nov 10, 2024 348 javascript
Exploring Internet Traffic Shifts and Cyber Attacks During the 2024 U.S. Election (clo) Nov 6, 2024 347 traffic
Securing Your Express REST API With Passport.js Nov 3, 2024 346 nodejs, express, json-web-tokens, apis, rest, tooling
SecretLint—a Linter for Preventing Committing Credentials (tre) Oct 22, 2024 345 tooling, linting
Understanding “npm audit” and Fixing Vulnerabilities Oct 21, 2024 344 npm, vulnerabilities, nodejs
Top 4 Web Vulnerabilities With Example and Mitigation Oct 21, 2024 343 vulnerabilities, sql, databases, xss, csrf
The Importance of UX in Cybersecurity (uxm) Oct 21, 2024 342 user-experience, usability
How to Implement Content Security Policy (CSP) Headers for Astro (tre) Oct 16, 2024 341 how-tos, http, http-headers, csp, astro, vercel, cloudflare
Why Code Security Matters—Even in Hardened Environments Oct 8, 2024 340 vulnerabilities, file-handling, nodejs
Database 101: SSL/TLS for Beginners Oct 4, 2024 339 introductions, databases, ssl, tls, authentication
Cloudflare Study: 39% of Companies Losing Control of Their IT and Security Environment (tre) Oct 3, 2024 338 studies, research, engineering-management
NIST Recommends Some Common-Sense Password Rules (sch) Sep 27, 2024 337 passwords, guidelines
I Finally Understand OAuth Sep 24, 2024 336 authorization, oauth, processes
Fake GitHub Site Targeting Developers (jul/san) Sep 19, 2024 335 github
Hacking Cars in JavaScript (Running Replay Attacks in the Browser With the HackRF) (dev) Sep 16, 2024 334 javascript
Gaining Access to Anyone’s Browser Without Them Even Visiting a Website Sep 7, 2024 333 arc, the-browser-company, browsers, vulnerabilities
Web Security: Shaping the Secure Web (set/w3c) Aug 21, 2024 332 web, w3c
5 Wasm Use Cases for Frontend Development (des) Aug 21, 2024 331 guest-posts, webassembly, performance
What Is Incident Response? Aug 20, 2024 330 incident-response, overviews
The Great npm Garbage Patch Aug 6, 2024 329 dependencies, npm, spam
Migrating From Netlify to Cloudflare for AI Bot Protection (sia) Aug 6, 2024 328 migrating, netlify, cloudflare, ai
Frontend Security Checklist (tre) Jul 30, 2024 327 checklists, react
Automated Ways to Security Audit Your Website Jul 28, 2024 326 auditing, automation, tooling
Secure Node.js Applications From Supply Chain Attacks Jul 25, 2024 325 nodejs, best-practices, dependencies
The Pitfalls of In-App Browsers (fro) Jul 18, 2024 324 browsers, mobile, privacy, user-experience
The Cloud Run Security Gap You Didn’t Know You Had (and How to Fix It) Jul 18, 2024 323 google, gcp
Supply Chain Security in npm—We Can Be Optimistic About the Future Jul 9, 2024 322 npm, dependencies, provenance
Script Integrity (chr/fro) Jul 5, 2024 321 embed-code, javascript
WebAuthn: Enhancing Security With Minimal Effort (tbe) Jul 2, 2024 320 authentication, webauthn
Tuesday, July 2, 2024 Security Releases (nod) Jul 2, 2024 319 release-notes, nodejs
Introducing the MDN HTTP Observatory (mdn) Jul 2, 2024 318 introductions, mdn, mozilla, http
RegreSSHion: Remote Unauthenticated Code Execution Vulnerability in OpenSSH Server Jul 1, 2024 317 ssh, vulnerabilities
Polyfill Supply Chain Attack Embeds Malware in JavaScript CDN Assets (sny) Jun 26, 2024 316 malware, vulnerabilities
Catching Compromised Cookies Jun 25, 2024 315 cookies, testing
Backdoor Slipped Into Multiple WordPress Plugins in Ongoing Supply-Chain Attack (dan/ars) Jun 24, 2024 314 wordpress, plugins
The Hacking of Culture and the Creation of Socio-Technical Debt (sch) Jun 19, 2024 313 culture
What Is Mixed Content? (fre) Jun 15, 2024 312 http
Researchers Uncover npm Registry Vulnerability to Cache Poisoning and DoS Attacks (sar/soc) Jun 15, 2024 311 npm, dependencies, vulnerabilities, caching
OAuth Authentication (rya) Jun 15, 2024 310 authentication, authorization, oauth
The Ultimate Guide to Iframes (log) Jun 6, 2024 309 guides, iframes, html, javascript
How a Single Vulnerability Can Bring Down the JavaScript Ecosystem Jun 3, 2024 308 javascript, npm, dependencies, caching, vulnerabilities
JavaScript Security: Simple Practices to Secure Your Frontend May 15, 2024 307 javascript, dependencies, csp
Manifesto for a Humane Web (mic) May 10, 2024 306 websites, manifestos, web, principles, accessibility, dei, sustainability, user-experience
Securing Client-Side JavaScript (ada) May 5, 2024 305 javascript, graceful-degradation
Poor Express Authentication Patterns in Node.js and How to Avoid Them May 3, 2024 304 express, nodejs, authentication
Passkeys: A Shattered Dream (fir) Apr 26, 2024 303 authentication, passkeys
Using Legitimate GitHub URLs for Malware (sch) Apr 22, 2024 302 malware, github
When Security and Accessibility Clash: Why Are Banking Applications So Inaccessible? (nic) Apr 17, 2024 301 accessibility
Open Source Security (OpenSSF) and OpenJS Foundations Issue Alert for Social Engineering Takeovers of Open Source Projects (ope) Apr 15, 2024 300 foss
Wednesday, April 10, 2024 Security Releases (raf/nod) Apr 10, 2024 299 release-notes, nodejs
Node.js Secure Coding: Mitigate and Weaponize Code Injection Vulnerabilities Apr 8, 2024 298 books, nodejs, vulnerabilities
The Free Software Commons (jen) Apr 5, 2024 297 foss, community
The V8 Sandbox Apr 4, 2024 296 v8
Wednesday, April 3, 2024 Security Releases (nod) Apr 3, 2024 295 release-notes, nodejs
Using JSON Web Tokens With Node.js Apr 3, 2024 294 json-web-tokens, nodejs, authentication
Building a Digital Fortress: How to Strengthen DNS Against DDoS Attacks? Apr 3, 2024 293 dns
In-App Browsers Are Still a Privacy, Security, and Choice Problem (tho/the) Mar 27, 2024 292 browsers, mobile, privacy
How Does Single Sign-On (SSO) Work? (mil) Mar 24, 2024 291 authentication
CORS Finally Explained—Simply Mar 24, 2024 290 csrf, cors, concepts
How npm Install Scripts Can Be Weaponized: A Real-World Example of a Harmful npm Package (eth) Mar 3, 2024 289 npm, dependencies, examples
Preventing SQL Injection Attacks in Node.js (sny) Feb 20, 2024 288 nodejs, databases, sql
Frontend Application Security: Tips and Tricks Feb 16, 2024 287 web-apps, xss, csrf, authentication, dependencies, csp, validation, tips-and-tricks
Wednesday, February 14, 2024 Security Releases (raf+/nod) Feb 14, 2024 286 release-notes, nodejs
How to Boost WordPress Security and Protect Your SEO Ranking Feb 12, 2024 285 how-tos, wordpress, seo
Malicious npm Package Masquerades as Noblox.js, Targeting Roblox Users for Data Theft (sar/soc) Feb 6, 2024 284 npm, dependencies
Practice Safe DSD With “setHTMLUnsafe” (It’s Complicated) (jar/van) Jan 31, 2024 283 html, dom, shadow-dom, apis
Tuesday, February 6, 2024 Security Releases (raf/nod) Jan 30, 2024 282 release-notes, nodejs
JWT vs. Session Authentication Jan 25, 2024 281 authentication, json-web-tokens, comparisons
GitHub, npm Registry Abused to Host SSH Key-Stealing Malware Jan 24, 2024 280 github, npm, malware, foss
Deceptive Deprecation: The Truth About npm Deprecated Packages Jan 18, 2024 279 npm, dependencies, research
Safely Accessing the DOM With Angular SSR (dev) Jan 17, 2024 278 dom, javascript, angular, server-side-rendering
Node.js Security Progress Report—Progress on Permission Model, Fuzzer, and Connections With Community (ope) Jan 16, 2024 277 nodejs
I Hate CORS Jan 14, 2024 276 videos, cors
Building Multiple Progressive Web Apps on the Same Domain (dev) Jan 4, 2024 275 videos, web-apps, progressive-web-apps, architecture
Session-Based vs. Token-Based Authentication: Which Is Better? Dec 23, 2023 274 authentication, json-web-tokens, comparisons
10 Best Practices for Secure Code Review of Node.js Code Dec 20, 2023 273 best-practices, code-reviews, nodejs
Security Headers Using “<meta>” (sap/mat) Dec 7, 2023 272 csp, html
Blind CSS Exfiltration: Exfiltrate Unknown Web Pages Dec 5, 2023 271 css
Mastering Cryptography Fundamentals With Node’s “crypto” Module Nov 11, 2023 270 cryptography, nodejs
Secure Code Review Tips to Defend Against Vulnerable Node.js Code Nov 8, 2023 269 nodejs, code-reviews
Understanding CORS Nov 4, 2023 268 cors
What the !#@% Is a Passkey? (eff) Oct 26, 2023 267 passkeys
Secret Scanning Scans Public npm Packages (git) Oct 26, 2023 266 github, npm, dependencies
Local HTTPS for Next.js 13.5 (ami) Oct 10, 2023 265 testing, http, nextjs
Understanding XSS Attacks (ver) Oct 5, 2023 264 xss
A Comprehensive Guide to the Dangers of Regular Expressions in JavaScript (phi) Sep 28, 2023 263 guides, javascript, regex
SSH Keys Stolen by Stream of Malicious PyPI and npm Packages (ble) Sep 27, 2023 262 ssh, dependencies, npm
Best Practices for Securing Node.js Applications in Production Sep 27, 2023 261 best-practices, nodejs
npm Provenance General Availability (git) Sep 26, 2023 260 github, npm, provenance
The WebP 0-Day Sep 21, 2023 259 webp, google, apple
Open Source Trends to Look for in 2024 Sep 21, 2023 258 foss, trends, outlooks, ai
Securing Your Node.js Apps by Analyzing Real-World Command Injection Examples Sep 15, 2023 257 nodejs, history, examples
How to Implement SSL/TLS Pinning in Node.js (sny) Aug 29, 2023 256 how-tos, ssl, tls, nodejs
A More Intelligent and Secure Web (ple/w3c) Aug 24, 2023 255 videos, w3c, standards, web, web-platform
Demystifying CORS: Understanding How Cross-Origin Resource Sharing Works Aug 18, 2023 254 cors, javascript
Towards HTTPS by Default (jde/dev) Aug 16, 2023 253 browsers, google, chrome, http, tls
Sophisticated, Highly-Targeted Attacks Continue to Plague npm Aug 12, 2023 252 npm
An Update on Chrome Security Updates—Shipping Security Fixes to You Faster Aug 8, 2023 251 browsers, google, chrome
Tuesday, August 8, 2023 Security Releases (raf/nod) Jul 31, 2023 250 release-notes, nodejs
Publishing With npm Provenance From Private Source Repositories Is No Longer Supported (git) Jul 26, 2023 249 github, npm, provenance, foss
Social Engineering Campaign Targeting Tech Employees Spreading Through npm Malware (soc) Jul 25, 2023 248 malware, npm
Securing the Web Forward: Addressing Developer Concerns in Web Security (tor/w3c) Jul 24, 2023 247 web, surveys
User Input Sanitization and Validation: Securing Your App Jul 19, 2023 246 sanitization, validation, conformance
Encoding: A Brief History and Its Role in Cybersecurity Jul 19, 2023 245 encoding, unicode, history
Node.js Security Progress Report—17 Reports Closed (ope) Jul 17, 2023 244 nodejs
The Importance of Verifying Webhook Signatures (sny) Jun 29, 2023 243 webhooks
The Massive Bug at the Heart of the npm Ecosystem Jun 27, 2023 242 npm, dependencies
Understanding Authorization Before Authentication: Enhancing Web API Security Jun 23, 2023 241 authorization, authentication, apis, comparisons
An Introduction to Command Injection Vulnerabilities in Node.js and JavaScript Jun 23, 2023 240 introductions, vulnerabilities, nodejs, javascript
All You Need to Know About CORS and CORS Errors Jun 23, 2023 239 cors, errors
Django: A Security Improvement Coming to “format_html()” (ada) Jun 15, 2023 238 django, html
Tuesday, June 20, 2023 Security Releases (raf/nod) Jun 13, 2023 237 release-notes, nodejs
security.txt Now Mandatory for Dutch Government Websites May 31, 2023 236 legal
File Upload Security and Malware Protection (aus) May 23, 2023 235 malware, file-handling, edge-computing
Security Implications of HTTP Response Headers (sny) May 3, 2023 234 http, http-headers
Introducing npm Package Provenance (git) Apr 19, 2023 233 introductions, github, npm, provenance, foss
Generating Provenance Statements Apr 19, 2023 232 npm, provenance
8 Best Tools for Cryptography and Encryption (sta) Apr 18, 2023 231 link-lists, tooling, comparisons, cryptography, encryption, privacy
Dissecting npm Malware: Five Packages and Their Evil Install Scripts Apr 15, 2023 230 npm, malware
Passkeys: What the Heck and Why? (css) Apr 12, 2023 229 passkeys
Senior Engineering Strategies for Advanced React and TypeScript (tec) Mar 25, 2023 228 strategies, react, typescript, architecture, testing, performance, accessibility, maintenance
Cryptographically Protecting Your SPA Mar 17, 2023 227 single-page-apps, cryptography
Without Accessibility, There Is No Privacy or Security Feb 28, 2023 226 accessibility, privacy
SSL Certificates Explained Feb 20, 2023 225 videos, certificates, ssl, protocols
How to Password-Protect a Static HTML Page With No JS (ede) Feb 20, 2023 224 how-tos, css, fonts
Quick Tip: How to Hash a Password in PHP Feb 14, 2023 223 how-tos, php, passwords, tips-and-tricks
Sandboxing JavaScript Code Feb 12, 2023 222 javascript
Unlocking Security Updates for Transitive Dependencies With npm (git) Jan 19, 2023 221 npm, dependencies, maintenance
7 Required Steps to Secure Your Iframes Security Jan 4, 2023 220 iframes, xss, html, http-headers, csp
Conditional API Responses for JavaScript vs. HTML Forms (aus) Jan 3, 2023 219 javascript, html, forms, comparisons
Why Do We Need Authorization and Authentication? Dec 30, 2022 218 authorization, authentication
The Top 10 Security Vulnerabilities for Web Applications Dec 20, 2022 217 vulnerabilities, web-apps
Leaked a Secret? Check Your GitHub Alerts… for Free (git) Dec 15, 2022 216 github
DOM Clobbering (fre/mat) Dec 12, 2022 215 dom
New npm Features for Secure Publishing and Safe Consumption (git) Dec 6, 2022 214 npm, dependencies
Using SRI to Protect From Malicious JavaScript (mat) Dec 3, 2022 213 javascript
WordPress Versions 3.7–4.0 No Longer Get Security Updates (sar) Nov 30, 2022 212 wordpress
“Not Secure” Warning for IE Mode Nov 16, 2022 211 browsers, microsoft, edge, internet-explorer
Node.js Security Best Practices (nod) Nov 10, 2022 210 nodejs, best-practices
npm Security: Preventing Supply Chain Attacks (sny) Nov 7, 2022 209 npm, dependencies
Secure JavaScript URL Validation (sny) Oct 17, 2022 208 javascript, validation, urls
Create a Passkey for Passwordless Logins (age/dev) Oct 12, 2022 207 authentication, passkeys
Designing a Secure API Oct 4, 2022 206 software-design, apis
Phylum Detects Active Typosquatting Campaign Targeting npm Developers Oct 2, 2022 205 npm, dependencies
Security (htt) Sep 26, 2022 204 web-almanac, studies, research, metrics
Continue Using .env Files as Usual Sep 24, 2022 203 environments
Quick Reminder: HTML5 “required” and “pattern” Are Not a Security Feature (cod) Sep 22, 2022 202 html, forms
Stop Using .env Files Now Sep 19, 2022 201 environments
Debunking Myths About HTTPS Sep 18, 2022 200 http, myths
Secure Your Node.js App With JSON Web Tokens (app) Sep 14, 2022 199 nodejs, json-web-tokens
Dependabot Unlocks Transitive Dependencies for npm Projects (git) Sep 7, 2022 198 dependencies, npm
JavaScript Bugs Aplenty in Node.js Ecosystem—Found Automatically Aug 30, 2022 197 studies, research, nodejs, javascript, dependencies, quality
Introducing Even More Security Enhancements to npm (git) Jul 26, 2022 196 introductions, npm
Top 5 npm Vulnerability Scanners Jul 20, 2022 195 npm, vulnerabilities, tooling
What Is Passwordless Authentication and How to Implement It Jul 18, 2022 194 authentication, passwords
GA4 Is Being Blocked by Content Security Policy Jun 25, 2022 193 csp, metrics, google
Please Remove That .git Folder Jun 22, 2022 192 git
Should I Have Separate GitHub Accounts for Personal and Professional Projects? Jun 14, 2022 191 discussions, github, career
Understanding CSRF Attacks (zel) May 29, 2022 190 csrf
npm Security Update: Attack Campaign Using Stolen OAuth Tokens (git) May 26, 2022 189 oauth, version-control, npm, github
Snyk Finds 200+ Malicious npm Packages, Including Cobalt Strike Dependency Confusion Attacks (sny) May 24, 2022 188 javascript, npm, dependencies
Unexpectedly HTTPS? May 16, 2022 187 http
How to Respond to Growing Supply Chain Security Risks? Apr 3, 2022 186 how-tos, dependencies, nodejs, npm
The Web Is for Everyone: Our Vision for the Evolution of the Web (moz) Mar 23, 2022 185 web, outlooks, privacy, accessibility, performance, user-experience
Using HTTPS in Your Development Environment Mar 7, 2022 184 http, environments
How to Prevent SQL Injection Attacks in Node.js Mar 3, 2022 183 how-tos, nodejs, databases, sql
How to Fix Your Security Vulnerabilities With npm Override Feb 23, 2022 182 how-tos, vulnerabilities, npm, dependencies
Can You Get Pwned With CSS? Feb 23, 2022 181 css
Never, Ever, Ever Use Pixelation for Redacting Text Feb 15, 2022 180 content, images, obfuscation
Accessibly Insecure Jan 31, 2022 179 accessibility
Lessons Learned From Publishing a Content Security Policy Dec 14, 2021 178 lessons, csp
Ain’t No Party Like a Third Party (ada/css) Dec 3, 2021 177 dependencies, embed-code
Security (htt) Dec 1, 2021 176 web-almanac, studies, research, metrics
GitHub’s Commitment to npm Ecosystem Security (git) Nov 15, 2021 175 github, npm
Understanding and Implementing OAuth2 in Node.js (hon) Oct 18, 2021 174 nodejs, authorization, oauth
How to Win at CORS (jaf) Oct 12, 2021 173 how-tos, cors, html, http
The Options for Password-Revealing Inputs (chr/css) Oct 6, 2021 172 html, css, passwords, usability
npm Security Best Practices (owa) Aug 3, 2021 171 npm, best-practices
Encoding Data for POST Requests (jaf) Jun 30, 2021 170 javascript, encoding
NPM Global Audit Jun 16, 2021 169 packages, npm, quality, auditing
Understanding and Preventing Common Security Vulnerabilities Jun 15, 2021 168 vulnerabilities
Open Source Insights Jun 3, 2021 167 websites, foss, dependencies, licensing
I Learned to Love the Same-Origin Policy (eee/css) Dec 17, 2020 166 cors
TLS and mTLS Demystified Dec 9, 2020 165 tls, protocols
Is Edge Computing Secure? Here Are 4 Security Risks to Be Aware Of Dec 9, 2020 164 edge-computing