Loading course…
Hardening Your npm Projects Against Threats
Created by Rahul Subramaniam
Learn to recognise dependency risks, assess vulnerability severity, update safely, and implement modern supply-chain defences. By the end, you’ll confidently secure any npm-based project.
Requirements
- Basic command-line skills
- Fundamental understanding of Node.js and npm
- General web-development workflow familiarity
What you'll learn
- Identify and explain how deep dependencies introduce security risk.
- Assess vulnerability severity using industry standards.
- Execute safe, non-breaking package updates.
- Implement lockfiles and npm ci for reproducible secure builds.
- Configure CI trusted publishing to defend against supply-chain attacks.
Learning path
5 modules • Each builds on the previous one
1
NPM Security Overview
Introduce why npm security matters, common threat types, and how vulnerabilities enter projects through dependencies.
1 video5 min
2
Understanding Dependency Tree
Explore how direct and transitive dependencies form a tree, increasing attack surface and complicating updates.
1 video10 min
3
Assessing Vulnerability Severity
Teach CVSS scores, critical/high/medium/low labels, and factors like exploitability and package usage context.
1 video7 min
4
Mitigation Update Strategies
Compare updating, patching, replacing, or temporarily removing packages; cover semantic versioning and changelog checks.
1 video7 min
5
Preventing Supply Chain Attacks
Cover techniques like vetting maintainers, checking package popularity, using lockfiles, and disabling install scripts.
2 videos17 min
Start Learning
Begin your learning journey
Modules5
Duration42 min
Science-backed learning
In-video quizzes and scaffolded content to maximize retention.
Key concepts
Dependency Hell And Security RiskVisualising Dependency TreesCVE Identifiers And CVSS ScoringSemantic Versioning Update StrategiesLockfile-Based Supply-Chain DefenceCI-Driven Trusted Publishing