Node.js and JavaScript enable teams to be incredibly productive by dramatically reducing development time, requiring less code, and simplifying maintenance. The Node.js package ecosystem is the largest of any platform in history. This is both a blessing and a challenge. The wealth of packages available to Node.js developers makes it easy to build on simple, open-source components. But such a large ecosystem raises an interesting challenge: how do developers, businesses, and organizations know that those packages are safe to use? Thankfully, NodeSource and Snyk enable developers to easily integrate security best practices into their everyday workflows, so security is taken care of before it’s too late.

  • Understanding the Node.js platform and its security surface area.
  • What are the common security issues for Node.js?
  • How do you protect Node.js applications from security vulnerabilities?
  • Enabling active security protection in production applications.
  • You found an issue, what do you do next?


Guy Podjarny is a Co-founder at, focusing on securing open source code. Guy was previously CTO at Akamai and founder of, and worked on the first web app firewall & security code analyzer. Guy is a frequent conference speaker, the author of “Responsive & Fast”, “High Performance Images” and the upcoming “Securing Open Source Code”.

Dan Shaw is Co-founder and CTO of NodeSource and is dedicated to helping improve and grow the Node.js Ecosystem. He is a veteran of numerous Node.js startups including Voxer, Spreecast and Storify. Dan has extensive experience building large-scale, realtime systems with Node.js and has been building production services using Node since v0.2. Dan is a frequent speaker, host of the NodeUp podcast and organizer of events like EnterpriseJS and the SFNode meetup. Prior to Node, Dan worked in large-scale government contracts for Defense, Health Care and Education.
