Skip to content

Latest commit

 

History

History
15 lines (12 loc) · 1.47 KB

SECURITY.md

File metadata and controls

15 lines (12 loc) · 1.47 KB

Security

We deal with security very seriously. Pay attention to not upload any code that can lead to security issues to the application.

Here are come important and most common security issues:

  • Do not include Docker images with reported security issues
  • Keep dependencies updated, newer versions can deal with discovered vulnerabilities.
  • Use the latest Node.JS version, specifically in this project newer versions of the runtime could better fit with performance than older versions
  • Avoid hardcoding sensitive information about environment variables that handle sensitive information as like API keys or credentials, database connections, etc
  • If you implement or find some input without validation please report, and if possible make the validation by yourself. This prevent common attacks like cross-site-scripting (XSS), etc
  • If you implement or find some input without sanitisation please report, and if possible make the sanitisation by yourself. This is prevent common attacks like SQL injection, etc
  • Prevent code injection attacks against some reported and discovered vulnerabilities in Javascript like the use of eval(). These practices can lead to code injection vulnerabilities.
  • Always maintain the project lint configuration and the code test coverage. Make sure to include to repository only code checked and tested.
  • Regularly update your deps, OS, and your environment as part of the security community. Your contribution is always welcome but do not break anything.