@ijstech/node
v0.1.95
Published
Secure Node
Downloads
111
Readme
@ijstech/node
Secure Node Server
Node.js is one of the most popular application frameworks in use today especially in cloud and web-based applications. A typical Node.js application may contain hundreds or thousands of 3rd party developed npm packages. These NPM packages enable developers to be extremely productive in developing solutions and it is a key reason why the use of Node.js is so attractive to developers. However, in a traditional Node.js implementation, these NPM packages come at a security cost.
In a traditional Node.js architecture, each of the NPM packages are allowed access to local server resources including sensitive capabilities such as uploading and downloading external files. As NPM packages are updated, security issues can be introduced to compromise the system. According to this study (https://www.zdnet.com/article/hacking-20-high-profile-dev-accounts-could-compromise-half-of-the-npm-ecosystem/), it would only take the hacking of 20 high-profile dev accounts to compromise half of the npm ecosystem. Thus, using npm packages, the traditional way will expose the applications to security risks that cannot be tolerated in mission critical systems.
@ijstech/node allows developers to use NPM packages with fewer concerns as logic runs on isolated VMs. @ijstech/node is also a complete secure application development framework featuring the following:
- A default secure server which supports SSL protocol by default, and using only minimum set of code reviewed npm packages
- An isolated VM which creates a completely isolated runtime environment for application logics:
- each VM instance runs on separate thread
- restrict the code from accessing server resources (e.g. open new ports, access local files etc)
- set memory limits / safe against heap overflow DoS attacks
- set CPU limits, release the VM instance if runtime duration exceeds the limit
- A bunch of packages (https://www.npmjs.com/org/ijstech) which is using the VM security model to wrap third-party npm packages to provide common functionalities in a secure way
Usage
Step 1: Create a new folder
mkdir demo
cd demo
Step 2: Initialize a worker/router plugin
npx @ijstech/plugin init <worker/router> <name>
e.g.: npx @ijstech/plugin init worker @scom/demo1
Step 3: Install package dependencies
npm i
for npm 9.x
npm i --install-links=false
or
docker-compose up install
Step 4: Run unit test
npm run test
or
docker-compose up test
Step 5: Build plugin
npm run build
or
docker-compose up build