Contributors

  • Ali Ijaz Sheikh
  • Franziska Hinkelmann
  • Jen Tong
  • John J. Barton
  • Justin Beckwith
  • Mark S. Miller
  • Mike Samuel
  • Myles Borins

Special thanks for feedback and criticism:

  • Matteo Collina
  • Rich Trott
