Skip to content
Go to file

Latest commit


Git stats


Failed to load latest commit information.
Latest commit message
Commit time

Meteor Security Essentials


Security should be a major part of every Meteor developer's planning. Without security, our applications are vulnerable to all kinds of attacks. This talk will go over some security essentials that you can (and should) use in your own applications. We'll take a look at:

Autopublish & Insecure

Why to remove two packages that ship with Meteor that render your app a field day for any in-the-know attacker.

Allow/Deny Rules

Defining rules for how the database can be manipulated from the client.

Publications & Subscriptions

Making use of Meteor's publish and subscribe methods to control what data is accessible on the client when.

Check & Audit Argument Checks

Installing the check package and its companion audit-argument-checks to validate arguments passed to server-side methods.

Browser Policy

Installing and configuring the browser-policy package to control which content can be loaded in your app and whether your app can be framed.


Storing sensitive information like API keys in settings.json and how to share specific information with the client and the server.

Additional Security Techniques

Techniques that can be added in addition to what's outlined above on an as-needed basis:

What's in here?

This repository includes example implementations of each of the concepts above. Each example is fairly generic, so make sure to research how the techniques we'll discuss will play into your application before you go into production.

Note: additional security functionality has been added to this app by the following packages:

  • Audit Argument Checks - meteor add audit-argument-checks
  • Browser Policy - meteor add browser-policy
  • Check - meteor add check

Additional packages have been added as part of Base, the starter kit used to create this example.


If you're interested in learning more about security and how to implement it in your application, the following resources are recommended:


Essential security techniques for Meteor applications.



No releases published


No packages published
You can’t perform that action at this time.