npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2024 – Pkg Stats / Ryan Hefner

@ijstech/node

v0.1.95

Published

Secure Node

Downloads

111

Readme

@ijstech/node

Secure Node Server

Node.js is one of the most popular application frameworks in use today especially in cloud and web-based applications. A typical Node.js application may contain hundreds or thousands of 3rd party developed npm packages. These NPM packages enable developers to be extremely productive in developing solutions and it is a key reason why the use of Node.js is so attractive to developers. However, in a traditional Node.js implementation, these NPM packages come at a security cost.

In a traditional Node.js architecture, each of the NPM packages are allowed access to local server resources including sensitive capabilities such as uploading and downloading external files. As NPM packages are updated, security issues can be introduced to compromise the system. According to this study (https://www.zdnet.com/article/hacking-20-high-profile-dev-accounts-could-compromise-half-of-the-npm-ecosystem/), it would only take the hacking of 20 high-profile dev accounts to compromise half of the npm ecosystem. Thus, using npm packages, the traditional way will expose the applications to security risks that cannot be tolerated in mission critical systems.

@ijstech/node allows developers to use NPM packages with fewer concerns as logic runs on isolated VMs. @ijstech/node is also a complete secure application development framework featuring the following:

  • A default secure server which supports SSL protocol by default, and using only minimum set of code reviewed npm packages
  • An isolated VM which creates a completely isolated runtime environment for application logics:
    • each VM instance runs on separate thread
    • restrict the code from accessing server resources (e.g. open new ports, access local files etc)
    • set memory limits / safe against heap overflow DoS attacks
    • set CPU limits, release the VM instance if runtime duration exceeds the limit
  • A bunch of packages (https://www.npmjs.com/org/ijstech) which is using the VM security model to wrap third-party npm packages to provide common functionalities in a secure way

Usage

Step 1: Create a new folder

mkdir demo
cd demo

Step 2: Initialize a worker/router plugin

npx @ijstech/plugin init <worker/router> <name>
e.g.: npx @ijstech/plugin init worker @scom/demo1

Step 3: Install package dependencies

npm i

for npm 9.x

npm i --install-links=false

or

docker-compose up install

Step 4: Run unit test

npm run test

or

docker-compose up test

Step 5: Build plugin

npm run build

or

docker-compose up build