Some thoughts on how Node.js might respond to a changing security environment
mikesamuel Linked to disclosure of latest supply chain attack against NPM
Added one link to the threat page for malicious third party code
and one link that broke since initial publication.
Latest commit 8e01b94 May 3, 2018
Type Name Latest commit message Commit time
.well-known
appendix Fixed bug: appendix/README.md links broken on hosting Jan 10, 2018
chapter-1 Linked to disclosure of latest supply chain attack against NPM May 3, 2018
chapter-2 added note about Mathjs moving away from eval Mar 7, 2018
chapter-3 Consolidated list of vuln feeds. Dec 22, 2017
chapter-4
chapter-5 Consolidated list of vuln feeds. Dec 22, 2017
chapter-6 Consolidated list of vuln feeds. Dec 22, 2017
chapter-7 updated links to template tag code Jan 26, 2018
images
styles Added a top-bar button that links to the GitHub repo (#18) Jan 11, 2018
third_party
.bookignore ignore CONTRIBUTING.md which is instructions for those who want to co… Jan 5, 2018
.gitignore Makefile cleanup Jan 5, 2018
CONTRIBUTING.md
CONTRIBUTORS.md Add Trott to contributors for multiple PRs to fix typos and errors. (#24 Mar 7, 2018
LICENSE Export "Node Security Roadmap" to Github. Dec 13, 2017
Makefile Use newest html-proofer Mar 7, 2018
README.md changed cover page from defau Jan 11, 2018
SUMMARY.md Address issue 14: note availability concerns (#25) Mar 7, 2018
app.yaml Make skip_files rule explicit and tweak to allow .well-known/* to upl… Jan 29, 2018
book.json.withcomments
cover.md incorporated copy-edits Mar 12, 2018
license.md Export "Node Security Roadmap" to Github. Dec 13, 2017
package-lock.json fresh npm install letting versions float Mar 7, 2018
package.json publish the generated HTML, not the markdown Jan 26, 2018

README.md

Node.js Security Roadmap

The security roadmap is a gitbook publication available at nodesecroadmap.fyi.

$ npm start

will serve the book via localhost:4000.

$ make help

will display help information about other options.

Please file errata at the issue tracker or send us a pull request.

If you'd like to help out, please also see our contribution guidelines.