Kali Linux

NodeSecurityShield : A Developer And Security Engineer Friendly Package For Securing NodeJS Applications

NodeSecurityShield is a Developer and Security Engineer friendly package for Securing NodeJS Applications.

Inspired by the log4J vulnerability (CVE-2021-44228) which can be exploited because an application can make arbitrary network calls.

We felt there is an need for an application to declare what privileges it can have so that exploitation of such vulnerabilities becomes harder.

To achieve this, NSS (Node Security Shield) has Resource Access Policy.

Resource Access Policy (RAP)

Resource Access Policy is similar to CSP(Content Security Policy).

It lets the developer/security engineer declare what resources an application should access. And Node Security Shield will enforce it.

Installation

Install Node Security Shield using npm

npm install nodesecurityshield

Usage

// Require Node Security Shield
let nodeSecurityShield = require(‘nodesecurityshield’);
// Enable Attack Monitoring and/or Blocking
nodeSecurityShield.enableAttackMonitoring(resourceAccessPolicy ,callbackFunction);

Sample resourceAccessPolicy

const resourceAccessPolicy = {
“outBoundRequest” : {
“blockedDomains” : [“.123.com”, “stats.abc.com”, ‘xyz.com’], “allowedDomains” : [“.domdog.io”]
}
};

Sample callbackFunction for Attack Monitoring

var callbackFunction = function (violationEvent) {
console.log(violationEvent);
}

Sample callbackFunction for Attack Blocking

var callbackFunction = function (violationEvent) {
throw new Error(“Request Blocked. It violates declared Resource Access Policy.”)
}

Integrating with Sentry

Sample resourceAccessPolicyto integrate with Sentry

const resourceAccessPolicy = {
“reportUriHosts” : [“ingest.sentry.io”],
“outBoundRequest” : {
“blockedDomains” : [“.123.com”, “stats.abc.com”, ‘xyz.com’], “allowedDomains” : [“.domdog.io”]
}
};

Features

  • Attack Monitoring
    • Outbound Network Calls
  • Attack Blocking
    • Outbound Network Calls
R K

Recent Posts

Best OSINT Tools for Journalists 2026: Verify Sources, Images and Claims

Journalists use OSINT to verify public information before publishing. In 2026, misinformation, AI-generated images, fake…

10 hours ago

Install Docker on Ubuntu 20.04: Complete Step-by-Step Guide

Docker is an open-source platform that lets you package and run applications inside containers. Each container…

20 hours ago

Install PostgreSQL on Ubuntu: Database Setup and Admin Guide

PostgreSQL (often called Postgres) is an open-source relational database system. It supports advanced features like JSON…

21 hours ago

Install Xrdp Remote Desktop on Ubuntu: Setup and Connect

Xrdp is an open-source server that lets you connect to your Ubuntu machine from another computer…

21 hours ago

Tomcat 9 on Ubuntu 20.04: Install, Configure, and Start

Apache Tomcat is an open-source web server and Java servlet container. It is one of the…

22 hours ago

Automatic Updates on Ubuntu: Set Up unattended-upgrades

Keeping your Ubuntu system updated is one of the best ways to protect it. Security…

23 hours ago