Node.js

Security Commands

Secure Node.js applications with the permission model, dependency auditing, and security-focused runtime flags. Protect against common vulnerabilities.

6 commands

Pro Tips

Use 'node --experimental-permission --allow-fs-read=/app app.js' to restrict file system access (Node 20+).

Run 'npm audit' regularly and 'npm audit fix' to patch known vulnerabilities in dependencies.

Use 'node --disable-proto=throw' to prevent prototype pollution attacks.

Common Mistakes

npm audit may report false positives. Check if vulnerabilities are actually exploitable in your usage before panicking.

Never run untrusted code without the permission model. A malicious package can access your filesystem and network.

Commands

Enable permissions

$ node --permission app.js

Enable permission restrictions (Node.js 23.5+).

Allow file reads

$ node --permission --allow-fs-read=/app/* app.js

Allow reading files in /app directory only.

Allow file writes

$ node --permission --allow-fs-write=/tmp app.js

Allow writing to /tmp only.

Allow network

$ node --permission --allow-net app.js

Enable network access.

Disallow eval

$ node --disallow-code-generation-from-strings app.js

Block eval() and new Function().

JIT-less mode

$ node --jitless app.js

Disable JIT compilation (security-focused).