Introducing NodeSecurity: A better way to control module access!

By Matt Hayward (@MattHWebDesign), Hacker Noon

Inspired by David Gilbertson’s recent post (https://hackernoon.com/npm-package-permissions-an-idea-441a02902d9b) and some of the recent issues with npm packages being hijacked, I just published the first version of NodeSecurity on GitHub.

David wrote in his post…

Imagine a package, created and maintained by npm (or someone equally trustworthy and farsighted). Let’s call it @npm/permissions.
You would include this @npm/permissions package as the first import in your app, either in a file, or you run your app like node -r @npm/permissions index.js.
This would override require() to enforce the permissions stated in a package’s package.json permissions property.

So I made it happen!

How it works

NodeSecurity works by overriding the Node.js require() function, allowing us to enforce access constraints on the modules being loaded.
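A minimal sketch of that mechanism, added here as an example and not taken from NodeSecurity's own code: it wraps Module.prototype.require and checks each request for a core module against a per-package allowlist. The policy object, the package name left-padder, the file paths and the helper names (ownerOf, isAllowed, install, uninstall, requireAs) are all hypothetical.

```javascript
// Added example: a minimal require() guard, not NodeSecurity's actual code.
const Module = require('module');

// Hypothetical policy: the core modules each package may load.
// '<app>' is the application's own code; '*' covers unlisted packages.
const policy = {
  '<app>': ['fs', 'path', 'http'],
  'left-padder': [],              // constructed dependency name
  '*': ['path'],
};

// Work out which package a requiring file belongs to from its path.
function ownerOf(filename) {
  const parts = String(filename || '').split(/[\\/]/);
  const i = parts.lastIndexOf('node_modules');
  if (i === -1 || i + 1 >= parts.length) return '<app>';
  const name = parts[i + 1];
  return name.startsWith('@') ? `${name}/${parts[i + 2]}` : name;
}

// Only core modules are gated in this sketch; other requests pass through.
function isAllowed(owner, request) {
  const id = String(request).replace(/^node:/, '');
  if (!Module.builtinModules.includes(id)) return true;
  const listed = Object.prototype.hasOwnProperty.call(policy, owner);
  return (listed ? policy[owner] : policy['*']).includes(id);
}

const originalRequire = Module.prototype.require;

function install() {
  Module.prototype.require = function guardedRequire(request) {
    const owner = ownerOf(this.filename);   // `this` is the requiring module
    if (!isAllowed(owner, request)) {
      throw new Error(`${owner} may not require "${request}"`);
    }
    return originalRequire.apply(this, arguments);
  };
}

function uninstall() { Module.prototype.require = originalRequire; }

// Simulate a require() call made from a file at `filename` (constructed paths).
function requireAs(filename, request) {
  const m = new Module(filename, null);
  m.filename = filename;
  return m.require(request);
}
```

Call install() before any other module is loaded, for example from a file preloaded with node -r as in the quote above, so that the guard is in place when dependencies start requiring modules.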

Usage

First, include NodeSecurity in your project at the very top of your application’s entry point (before any other requires) and create a new instance.

Note: If you’re using ES6 imports, you’ll need to create a separate file that is imported at the entry point of your application. Without doing this it won’t be possible to configure NodeSecurity before any other modules are loaded.

Configure NodeSecurity

🎉 And you’re done! 🎉

All required / imported modules from this point onwards will have to be allowed by our configuration.

I need your help

NodeSecurity is nowhere near finished and without a doubt there are ways to bypass its security! If you’ve got any feedback or suggestions, or want to contribute, please reach out or submit a PR!

You can do so via the GitHub repo here:
