@aikidosec/runtime
Advanced tools
Aikido runtime protects your application against NoSQL injections and more
Runtime is an embedded security engine for autonomously protecting Node.js apps against common and critical attacks.
Runtime protects your Node.js apps by preventing situations, like user input containing dangerous strings, which allow injection, pollution, and path traversal attacks in the first place. It runs on the same server as your Node.js app for simple installation and zero maintenance.
Runtime autonomously protects your Node.js applications against:
Runtime operates autonomously on the same server as your Node.js app to:
Aikido Runtime for Node.js 16+ is compatible with:
mongodb 4.x, 5.x and 6.x (npm package versions, not MongoDB server versions)mongoose 8.x, 7.x and 6.xpg 8.x and 7.xmysql 2.xmysql2 3.x@google-cloud/functions-framework 3.x@google-cloud/pubsub 4.xSee list above for supported database drivers.
sequelizeknextypeormbookshelfdrizzle-orm# The --save-exact makes sure that you don't automatically install a newer version
$ npm install --save-exact @aikidosec/runtime
# The --exact makes sure that you don't automatically install a newer version
$ yarn add --exact @aikidosec/runtime
For framework- and provider- specific instructions, check out our docs:
Aikido Security is a developer-first software security platform. We scan your source code & cloud to show you which vulnerabilities are actually important.
You can use some of Runtimes's features without Aikido, but you will get the most value by reporting your data to Aikido.
You will need an Aikido account and a token to report events to Aikido. If you don't have an account, you can sign up for free.
Here's how:
AIKIDO_TOKEN, using dotenv or another method of your choosing.By default, Runtime will only detect and report attacks to Aikido.
To block requests, set the AIKIDO_BLOCKING environment variable to true.
See Reporting to Aikido to learn how to send events to Aikido.
This program is offered under a commercial and under the AGPL license. You can be released from the requirements of the AGPL license by purchasing a commercial license. Buying such a license is mandatory as soon as you develop commercial activities involving the Aikido Runtime software without disclosing the source code of your own applications.
For more information, please contact Aikido Security at this address: support@aikido.dev or create an account at https://app.aikido.dev.
We run a benchmark on every commit to ensure Runtime has a minimal impact on your application's performance.
The benchmark runs a simple MongoDB query to measure the difference between two runs with and without Runtime:
| Without Runtime | With Runtime | Difference in ms |
|---|---|---|
| 0.214ms | 0.222ms | +0.008ms |
(Using Node.js 18.x and MongoDB 6.3.x. Results will vary depending on your hardware.)
See benchmarks for more information.
See CONTRIBUTING.md for more information.
See CODE_OF_CONDUCT.md for more information.
See SECURITY.md for more information.
FAQs
Aikido runtime protects your application against NoSQL injections and more
The npm package @aikidosec/runtime receives a total of 15 weekly downloads. As such, @aikidosec/runtime popularity was classified as not popular.
We found that @aikidosec/runtime demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Newly introduced telemetry in devenv 1.4 sparked a backlash over privacy concerns, leading to the removal of its AI-powered feature after strong community pushback.
Security News
TC39 met in Seattle and advanced 9 JavaScript proposals, including three to Stage 4, introducing new features and enhancements for a future ECMAScript release.
Security News
Deno 2.2 enhances Node.js compatibility, improves dependency management, adds OpenTelemetry support, and expands linting and task automation for developers.