Components, such as libraries, frameworks, and other software modules, almost always run with full privileges. If a vulnerable component is exploited, such an attack can facilitate serious data loss or server takeover. Applications using components with known vulnerabilities may undermine application defenses and enable a range of possible attacks and impacts.
Further Reading:
- Introducing Security Alerts on GitHub, by Miju Han
- OWASP Insecure Components
- OWASP Dependency Check tool
- Node Security Platform
- Snyk.io - Snyk helps you use open source and stay secure by continuously finding and fixing vulnerabilities in your dependencies.
- NPM-check - Check for outdated, incorrect, and unused dependencies.
- Bithound.io (like Snyk) - Comprehensive code and dependency analysis for Node.js