Before you import another person's library or install a new package, always be wary of the dependencies it pulls in and the security issues that may come with them. Just because a package is open source does not mean it is secure.
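As an added illustration (not part of the Treehouse course material), the script below audits an npm `package-lock.json` for two of the risks discussed on this page: transitive dependencies you never chose, and maliciously named look-alike packages. The lockfile and the list of well-known package names are constructed samples; the `hasInstallScript` flag is the one npm writes into lockfile v2/v3 entries for packages with install hooks.

```javascript
// Constructed sample allowlist of well-known package names to compare against.
const KNOWN = ["cross-env", "lodash", "express", "react"];

// Levenshtein edit distance: small distances between an installed name and a
// well-known name are a typosquatting signal worth a manual look.
function editDistance(a, b) {
  const d = Array.from({ length: a.length + 1 }, (_, i) => [i]);
  for (let j = 1; j <= b.length; j++) d[0][j] = j;
  for (let i = 1; i <= a.length; i++) {
    for (let j = 1; j <= b.length; j++) {
      const cost = a[i - 1] === b[j - 1] ? 0 : 1;
      d[i][j] = Math.min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost);
    }
  }
  return d[a.length][b.length];
}

// Walk the lockfile's "packages" map (lockfileVersion 2/3). Keys look like
// "node_modules/a/node_modules/b"; the root entry "" lists direct dependencies.
function auditLockfile(lock, known = KNOWN) {
  const direct = new Set(Object.keys((lock.packages[""] || {}).dependencies || {}));
  const findings = [];
  for (const [path, meta] of Object.entries(lock.packages)) {
    if (path === "") continue;
    const name = path.slice(path.lastIndexOf("node_modules/") + "node_modules/".length);
    const transitive = !direct.has(name);           // pulled in by something else
    const lookalikes = known.filter((k) => k !== name && editDistance(k, name) <= 2);
    const hasInstallScript = Boolean(meta.hasInstallScript); // runs code at install time
    if (lookalikes.length > 0 || hasInstallScript) {
      findings.push({ name, transitive, lookalikes, hasInstallScript });
    }
  }
  return findings;
}

// Constructed sample lockfile: "expres" is a direct dependency with an install
// script; "loadsh" was pulled in transitively underneath lodash.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "": { dependencies: { expres: "^1.0.0", lodash: "^4.17.21" } },
    "node_modules/expres": { version: "1.0.0", hasInstallScript: true },
    "node_modules/lodash": { version: "4.17.21" },
    "node_modules/lodash/node_modules/loadsh": { version: "0.0.1" },
  },
};

console.log(auditLockfile(SAMPLE_LOCK));
```

To run it against a real project, replace `SAMPLE_LOCK` with `JSON.parse(fs.readFileSync("package-lock.json", "utf8"))` and extend `KNOWN` with the names your project actually depends on.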
Pen tests, or "penetration tests", are used to evaluate the security of computer systems. A methodical approach is required to maintain both the integrity of the results and the stability of the systems being tested. Read more from the SANS Resources.
Red Team Testing, or Red Teaming, is a process designed to detect network and system vulnerabilities and test security by taking an attacker-like approach to system/network/data access. This process is also called "ethical hacking" since its ultimate purpose is to enhance security. Ethical hacking is an "art" in the sense that the "artist" must possess the skills and knowledge of a potential attacker (to imitate an attack) and the resources with which to mitigate the vulnerabilities used by attackers. Read more at SANS.
Maliciously named packages:
- A Malicious Module on NPM, by Adam Baldwin
Trusting 3rd-party libraries on Treehouse:
- Treehouse Video: How to Find and Choose Packages, by Andrew Chalkley
- Treehouse Blog: Evaluating a Package for your Project: The Good, the Bad, and the Ugly
- BlendConf: Ain't No Party Like A Third-Party JS Party, by Rebecca Murphy
Requires Treehouse Pro or Techdegree Account Access
Other reading about trusting 3rd-party libraries: