/tutorial-security-nodejs-snyk-github

🔰 Improve the Security of your ⬡ NodeJS project with 🐕 Snyk and your Github Account.


Tutorial Improve the Security of your NodeJS projects with Snyk and Github

In this tutorial I want to show you how to link your Github account with Snyk and improve the security of your NodeJS projects.



🔖 Description

In this tutorial I want to show you how to link your Github account with Snyk and how to increase the security of your NodeJS projects.

✅ Prerequisites

In order to work with this project, your local environment must have at least the following versions:

  • NodeJS Version: 14.7.x
  • NPM Version: 6.14.x

📐 How to work with this project in Snyk and Github

First of all, you need to create a user account in Snyk with your Github account.

1️⃣ In this tutorial you can see that we have these dependencies in the "package.json" file:

"dependencies": {
  "express": "4.14.0",
  "jsonwebtoken": "7.2.0",
  "moment": "2.16.0"
}

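2️⃣ If we try to remove these vulnerabilities by adding the caret (circumflex, ^) character, the express and moment vulnerabilities disappear, but those in jsonwebtoken do not. For versions 1.0.0 and above, a caret range only accepts newer releases within the same major version, so jsonwebtoken stays on 7.x: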

"dependencies": {
  "express": "^4.14.1",
  "jsonwebtoken": "^7.2.1",
  "moment": "^2.16.0"
}

In the following link you can read more info about Semantic Versioning

3️⃣ If we update them to these or higher versions, the vulnerabilities disappear:

"dependencies": {
  "express": "4.17.1",
  "jsonwebtoken": "8.5.1",
  "moment": "2.24.0"
}
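Why the caret helps express and moment but not jsonwebtoken can be checked mechanically. The script below is an added example, not part of the original project: it implements a simplified caret check (full X.Y.Z versions only, no prerelease tags or partial ranges) and tests whether each range from step 2 can resolve to the version listed in step 3. The helper names are hypothetical.

```javascript
// Added example: simplified caret-range check (full X.Y.Z versions only,
// no prerelease tags or partial ranges). Not the tutorial's own code.

function parse(version) {
  const m = /^(\d+)\.(\d+)\.(\d+)$/.exec(version);
  if (!m) throw new Error(`unsupported version: ${version}`);
  return m.slice(1).map(Number);
}

function compare(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  }
  return 0;
}

// Exclusive upper bound of ^X.Y.Z: bump the left-most non-zero component.
function caretUpperBound([major, minor, patch]) {
  if (major > 0) return [major + 1, 0, 0];
  if (minor > 0) return [0, minor + 1, 0];
  return [0, 0, patch + 1];
}

// True if `range` (an exact pin or a ^range) can resolve to `target`.
function rangeAllows(range, target) {
  const t = parse(target);
  if (!range.startsWith('^')) return compare(parse(range), t) === 0;
  const low = parse(range.slice(1));
  return compare(t, low) >= 0 && compare(t, caretUpperBound(low)) < 0;
}

// Ranges from step 2 and the versions step 3 lists as clean.
const step2 = { express: '^4.14.1', jsonwebtoken: '^7.2.1', moment: '^2.16.0' };
const step3 = { express: '4.17.1', jsonwebtoken: '8.5.1', moment: '2.24.0' };

function reachability(ranges, targets) {
  const out = {};
  for (const name of Object.keys(ranges)) {
    out[name] = rangeAllows(ranges[name], targets[name]);
  }
  return out;
}

console.log(reachability(step2, step3));
// { express: true, jsonwebtoken: false, moment: true }
```

The jsonwebtoken entry is false because 8.5.1 is a new major version, so it has to be changed in package.json by hand, as step 3 does.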

📹 Demos with VSCode

The following video shows how you can create a Snyk Account with Github.

Video

How the circumflex ^ can resolve several vulnerabilities of our projects.

Video

We can remove all vulnerabilities by reviewing the dependencies and updating them to a higher version.

Video

📂 Code Scaffolding

/
├── assets 🌈                   # Images Sources.
├── src 📦                      # All Apps with demos.
|   ├── example-import          # Demo with express dependence.
|   ├── example-jsonwebtoken    # Demo with jsonwebtoken dependence.
|   ├── example-moment          # Demo with moment dependence.
|   └── ...
└── ...

⛽️ Review and Update Dependencies

To review and update all of this project's npm dependencies, you will need to install the "npm-check-updates" package globally.

# Install and Run
$ npm i -g npm-check-updates
$ ncu

License

MIT

Happy Code

Created with JavaScript, a lot of ❤️ and a few ☕️

This README.md file has been written keeping in mind

GitHub Markdown
Emoji Cheat Sheet