Putting the helmet on – Securing your Express app
Express is a great way to build a web server with Node.js. It's easy to get started with, and its middleware concept makes it easy to configure and extend. While there are a variety of frameworks for building web applications in Node.js, my first choice is always Express. However, out of the box Express doesn't follow all security best practices: for example, it does not set protective response headers and it advertises itself through an X-Powered-By header. Let's look at how we can use modules like helmet to improve the security of an application.
Before we get started make sure you have Node.js and npm (or yarn) installed. You can find the download and installation instructions on the Node.js website.
We’ll work on a new project but you can also apply these features to your existing project.
Start a new project in your command line by running:
mkdir secure-express-demo
cd ...
Sharing information between different devices in real-time is difficult but with Twilio Sync it’s just a matter of a few lines of code. To see how Sync works let’s create our own version of the TodoMVC application using Twilio Sync to store our data and share it across multiple devices.
We’ll base our version on a copy of the Vanilla JS version of TodoMVC and alter the storage that is currently local storage to Twilio Sync. However, you can use the same code with your favorite framework as well.
Before we get started, make sure you have the following:
- Node.js with npm installed. You can find the instructions to install on their website.
- A Twilio Account. Sign up for free.
Start by cloning the template branch of this repository and install the dependencies:
git clone -b template https://github.com/dkundel/todomvc-twilio-sync.git ...
Working with Environment Variables in Node.js
Working with environment variables is a great way to configure different aspects of your Node.js application. Many cloud hosts (Heroku, Azure, AWS, now.sh, etc.) and Node.js modules use environment variables. Hosts, for example, set a PORT variable that specifies which port the server should listen on in order to work properly. Modules might behave differently (in their logging, for example) depending on the value of
Here are some of my tricks and tools when working with environment variables in Node.js.
Accessing environment variables in Node.js is supported right out of the box. When your Node.js process boots up, it automatically provides access to all existing environment variables by creating an env object as a property of the process global object. If you want to take a peek at the object, start the Node.js REPL by running node in your command line and type ...
JS 💖 Hardware – Getting started with Nodebots and Johnny-Five
The option we'll use is the npm module johnny-five. Johnny-Five isn't limited to certain hardware but instead supports a wide range of microcontroller platforms (including the Tessel) using various I/O plug-ins. The ...
Scan your projects for crossenv and other malicious npm packages
On August 1st, Oscar Bolmsten tweeted about how he found a malicious npm package called crossenv that scans for environment variables and POSTs them to a server.
— Oscar Bolmsten (@o_cee) August 1, 2017
This is particularly dangerous considering that you might have secret credentials for different services stored in your environment variables. Apparently it's also not limited to just crossenv but a whole series of packages, all of them named after popular modules with small typos such as a missing hyphen.
Check your project for malicious packages
These packages have been taken down by npm, but since the credential theft happens at installation time (the package's install script runs as soon as npm install finishes), you should check whether you have installed one of them. Ivan Akulov was so kind to compose and publish a list of ...
One of my favorite things from IT Crowd is their “Hello IT” machine. It’s the perfect solution for lazy people who are tired of answering the same IT support questions again and again. With Twilio Functions and the new Speech Recognition we can build our own version of this machine with just a few lines of code.
If you are not familiar with the answering machine from IT Crowd make sure to check out this video of it in action.
You can also check out the final result by calling one of these numbers:
- 🇬🇧 +44 20 3389 5853
- 🇺🇸 (415) 702-4376
Before we get going make sure you have a Twilio account. Sign up for free.
Now let’s get coding!
The first thing we need to do is create a new Twilio Function that will handle all of our requests. Twilio Functions allows you to host Node ...
Writing a Node.js module in TypeScript
Let’s build a module that exposes a function that filters out all emojis in a string and returns the list of emoji shortcodes. Because who doesn’t love emojis?
✨ Installing dependencies
First create a new directory for your module and initialize the
package.jsonby running in your command line:
mkdir emoji-search
cd emoji-search
npm init -y
Deploy .NET Core with Docker and now.sh
Bundling up your application into a Docker container has many benefits including making deployments really easy without being bound to a particular cloud host. In this post we will containerize a .NET Core application and deploy it using Docker.
Before we can get started we need a couple of dependencies installed. Make sure you have the latest .NET Core SDK installed. You can download the SDK for your operating system on the project page.
In order to be able to run the Docker containers locally we also need to install Docker. You can find the instructions for your respective operating system on the Docker website.
If, like me, you use Visual Studio Code as your code editor, you should also check out the Docker extension.
Creating a .NET Core project
If you already have an existing .NET Core project you are more than welcome to use it. Otherwise ...
Phone Number Verification without Regular Expression
Having invalid data in your database can be a nightmare, especially if you intend to use the data to do things like sending important SMS to your users. A typical solution is to use /Regular Expressions/gi to make sure the value at least looks like a phone number, but that still doesn't prevent someone from entering a fake number, and supporting international numbers makes it even harder. What if I told you that you can test for valid phone numbers using Twilio Lookup!
Before I show you how, we need to make sure we are all set for this adventure. Check that you have the following things:
Let’s start by creating a new Node.js project by running the following on our command line:
mkdir phone-verification
cd phone-verification
npm init ...
How To Set Environment Variables
There are some things we just shouldn’t share with our code. These are often configuration values that depend on the environment such as debugging flags or access tokens for APIs like Twilio. Environment variables are a good solution and they are easy to consume in most languages.
Environment variables, as the name suggests, are variables in your system that describe your environment. The most well-known environment variable is probably PATH, which contains the paths to all folders that might contain executables. With PATH, you can write just the name of an executable rather than its full path in your terminal, since the shell searches the directories listed in the PATH variable for that executable (on POSIX shells the current directory is only searched if it is itself listed in PATH; Windows' cmd.exe additionally looks in the current directory).
Aside from ‘built-in’ variables we also have the opportunity to define our own environment variables. Since they are bound to our environment they ...