Security audit examples

Security is a large and complicated topic.
Keeping track of Node packages is hard, because no tool tells you "this is a real security risk for you and your users".
What most tools report is that a package has a known vulnerability; deciding whether that vulnerability is reachable from your application, and how critical it is, is left to you.
Even specialised tools such as GitHub's alerts for vulnerable dependencies or Snyk mostly generate large numbers of warnings that are irrelevant in context (not strictly false positives, since the vulnerable version really is installed, but findings that cannot be exploited through your application), and triaging them is a big waste of time.

This makes tracking security risks and issues quite complicated, and we don't provide a good solution at the moment.
```
yarn security:audit
// Tons of noise...
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ low           │ Prototype Pollution                                          │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ yargs-parser                                                 │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in    │ >=13.1.2 <14.0.0 || >=15.0.1 <16.0.0 || >=18.1.2             │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ concurrently                                                 │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ concurrently > yargs > yargs-parser                          │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://www.npmjs.com/advisories/1500                        │
└───────────────┴──────────────────────────────────────────────────────────────┘
283 vulnerabilities found - Packages audited: 1874
Severity: 283 Low
error Command failed with exit code 2.
```

At the time of writing, NRN comes with about 300 Low-severity findings.
That may sound like a lot, but most of them come from packages that are only installed in a development environment, so the vulnerable code never runs in front of your users.
The warning above, for example, comes from the concurrently package, a devDependency used only when running the app in debug mode: it is not part of the production build, so the prototype-pollution issue in yargs-parser cannot be reached through it in production. The audit output does not make that distinction for you; the "Dependency of" and "Path" rows are what tell you which of your own dependencies pulls the vulnerable package in, and whether that dependency ships to production.

What we recommend is to ignore Low-severity findings and focus on the more critical ones.
Even then, you will notice that most of them are not real vulnerabilities in your application; severity alone is a poor filter, because whether the package is a production dependency and whether your code can reach the vulnerable function matter more than the label. The real vulnerabilities are probably hidden somewhere in all that noise.
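The two observations above (dev-only findings are noise for your users, and severity alone is a weak filter) can be turned into a small triage step over `yarn audit --json`. The script below is an added example, not code from the NRN project. It assumes the yarn 1 `--json` record shape (one JSON object per line, `auditAdvisory` records with `data.resolution.{path, dev}` and `data.advisory.{id, module_name, severity, patched_versions, url}`, followed by one `auditSummary` record); check those field names against your own output. The package.json fragment and the audit lines are constructed sample input, and the second advisory (`fictitious-parser`, id `CONSTRUCTED-1`) is invented only to exercise the "actionable" bucket.

```javascript
// Added example, not code from the NRN project: triage `yarn audit --json` output so
// that findings reachable only through devDependencies, and findings below a chosen
// severity, are separated from the ones worth acting on.
// Assumed record shape (check against your own output): one JSON object per line;
// "auditAdvisory" records carry data.resolution.{path, dev} and
// data.advisory.{id, module_name, severity, patched_versions, url}; one "auditSummary".

const SEVERITY_RANK = { info: 0, low: 1, moderate: 2, high: 3, critical: 4 };

// Constructed package.json fragment: concurrently is a devDependency, as in NRN.
const PACKAGE_JSON = {
  dependencies: { "some-runtime-lib": "^1.0.0" },
  devDependencies: { concurrently: "^5.0.0" },
};

// Constructed sample output. Record 1 mirrors the yargs-parser advisory shown above;
// record 2 is a fictitious production-side finding (fake id, package and URL) that
// exists only to exercise the "actionable" bucket.
const SAMPLE_AUDIT_NDJSON = [
  JSON.stringify({ type: "auditAdvisory", data: {
    resolution: { id: 1500, path: "concurrently>yargs>yargs-parser", dev: true },
    advisory: { id: 1500, module_name: "yargs-parser", severity: "low",
      title: "Prototype Pollution",
      patched_versions: ">=13.1.2 <14.0.0 || >=15.0.1 <16.0.0 || >=18.1.2",
      url: "https://www.npmjs.com/advisories/1500" } } }),
  JSON.stringify({ type: "auditAdvisory", data: {
    resolution: { id: "CONSTRUCTED-1", path: "some-runtime-lib>fictitious-parser" },
    advisory: { id: "CONSTRUCTED-1", module_name: "fictitious-parser", severity: "high",
      title: "Constructed sample finding", patched_versions: ">=2.0.0",
      url: "https://example.invalid/advisory/CONSTRUCTED-1" } } }),
  "warning a non-JSON line, as yarn sometimes prints; must be skipped",
  JSON.stringify({ type: "auditSummary", data: {
    vulnerabilities: { info: 0, low: 1, moderate: 0, high: 1, critical: 0 },
    totalDependencies: 1874 } }),
].join("\n");

// Parse NDJSON, ignoring any line that is not a JSON audit record.
function parseAuditJson(ndjson) {
  const advisories = [];
  let summary = null;
  for (const line of ndjson.split("\n")) {
    if (!line.trim()) continue;
    let record;
    try { record = JSON.parse(line); } catch (e) { continue; }
    if (record.type === "auditAdvisory") advisories.push(record.data);
    else if (record.type === "auditSummary") summary = record.data;
  }
  return { advisories, summary };
}

// "concurrently>yargs>yargs-parser" -> "concurrently": the package *you* declared.
function rootPackage(path) {
  return path.split(">")[0];
}

// True when the finding is reachable only through a devDependency. Prefer yarn's own
// `dev` flag; fall back to package.json when it is absent. A root listed under both
// dependencies and devDependencies is treated as production.
function isDevOnly(data, pkg) {
  if (typeof data.resolution.dev === "boolean") return data.resolution.dev;
  const root = rootPackage(data.resolution.path);
  const inDev = Object.prototype.hasOwnProperty.call(pkg.devDependencies || {}, root);
  const inProd = Object.prototype.hasOwnProperty.call(pkg.dependencies || {}, root);
  return inDev && !inProd;
}

// Sort findings into three buckets. Dev-only findings are set aside regardless of
// severity; the rest are split at minSeverity.
function triage(ndjson, pkg, { minSeverity = "moderate" } = {}) {
  const { advisories, summary } = parseAuditJson(ndjson);
  const threshold = SEVERITY_RANK[minSeverity];
  if (threshold === undefined) throw new Error(`unknown severity: ${minSeverity}`);
  const seen = new Set();
  const result = { actionable: [], devOnly: [], belowThreshold: [], summary };
  for (const data of advisories) {
    const key = `${data.advisory.id}:${data.resolution.path}`;
    if (seen.has(key)) continue; // yarn repeats an advisory per path; drop exact duplicates
    seen.add(key);
    const finding = {
      id: data.advisory.id, module: data.advisory.module_name,
      severity: data.advisory.severity, path: data.resolution.path,
      patchedIn: data.advisory.patched_versions, url: data.advisory.url,
    };
    const rank = SEVERITY_RANK[finding.severity] ?? 0; // unknown severity sorts lowest
    if (isDevOnly(data, pkg)) result.devOnly.push(finding);
    else if (rank < threshold) result.belowThreshold.push(finding);
    else result.actionable.push(finding);
  }
  // Highest severity first so the report starts with what matters.
  result.actionable.sort((a, b) => (SEVERITY_RANK[b.severity] ?? 0) - (SEVERITY_RANK[a.severity] ?? 0));
  return result;
}

function formatReport(result) {
  const lines = result.actionable.map((f) =>
    `${f.severity.toUpperCase().padEnd(8)} ${f.module} via ${f.path} (patched in ${f.patchedIn}) ${f.url}`);
  lines.push(`${result.actionable.length} actionable, ${result.devOnly.length} dev-only, ` +
    `${result.belowThreshold.length} below threshold`);
  return lines.join("\n");
}

console.log(formatReport(triage(SAMPLE_AUDIT_NDJSON, PACKAGE_JSON)));
```

Run against real output by replacing `SAMPLE_AUDIT_NDJSON` with the text of `yarn audit --json`. Two caveats: "dev-only" means "not reachable by your users", not "harmless", since devDependencies still execute on developer machines and in CI, which is where a malicious package would run; and a coarser version of this filtering is available from the command line, since yarn 1's `audit` accepts `--level <severity>` and `--groups dependencies` to drop low severities and devDependencies respectively.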

If you know of a better way to manage security in your app, don't hesitate to open a GitHub issue or discussion about it!

User 1 - 2023
All rights reserved
