@aikidosec/runtime
Advanced tools
Aikido runtime protects your application against NoSQL injections and more
Protects your application against
Aikido runtime for Node.js is compatible with
express 4.xmongodb 4.x, 5.x and 6.x (npm package versions, not MongoDB server versions)mongoose 8.x, 7.x and 6.xpg 8.x and 7.xmysql 2.xmysql2 3.x@google-cloud/pubsub 4.x@google-cloud/functions-framework 3.x# The --save-exact makes sure that you don't automatically install a newer version
$ npm install --save-exact @aikidosec/runtime
# The --exact makes sure that you don't automatically install a newer version
$ yarn add --exact @aikidosec/runtime
@google-cloud/pubsub, follow the Google Cloud Pub/Sub instructionsAikido Security is a developer-first software security platform. We scan your source code & cloud to show you which vulnerabilities are actually important.
You can use some of this library's features without Aikido, but you will get the most value when using it with Aikido.
You will need an Aikido account and a token to report events to Aikido. If you don't have an account, you can sign up for free.
Here's how:
AIKIDO_TOKEN(You can use dotenv to load the token from an .env file)
By default, the runtime will only detect and report attacks to Aikido.
If you want to start blocking requests, you can set the AIKIDO_BLOCKING environment variable to true.
See Reporting to Aikido to learn how to send events to Aikido.
We run a benchmark on every commit to make sure that the runtime has a minimal impact on your application's performance.
The bench runs a simple MongoDB query to measure the difference between two runs with and without the runtime:
| Without runtime | With runtime | Difference in ms |
|---|---|---|
| 0.214ms | 0.222ms | +0.008ms |
(Using Node.js 18.x and MongoDB 6.3.x, results will vary depending on your hardware)
See benchmarks for more information.
$ make install to install dependencies$ make build to build the library$ make watch to watch for changes and rebuild the library$ make test to run tests using tap$ make end2end to run end-to-end tests using tap$ make lint to run ESLintFAQs
Aikido runtime protects your application against NoSQL injections and more
The npm package @aikidosec/runtime receives a total of 15 weekly downloads. As such, @aikidosec/runtime popularity was classified as not popular.
We found that @aikidosec/runtime demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Newly introduced telemetry in devenv 1.4 sparked a backlash over privacy concerns, leading to the removal of its AI-powered feature after strong community pushback.
Security News
TC39 met in Seattle and advanced 9 JavaScript proposals, including three to Stage 4, introducing new features and enhancements for a future ECMAScript release.
Security News
Deno 2.2 enhances Node.js compatibility, improves dependency management, adds OpenTelemetry support, and expands linting and task automation for developers.