I’m getting fully stuck into Node.js today, writing a POC service with a number of REST endpoints, using Express. I do like the quick simplicity of setting up entire services in this way, often in just a single file, there’s always that buzz you get from the initial rapid development of any project in its early stages.
One thing I will say, though, is that I do have doubts about my own ability/knowledge when it comes to securing a Node app, as opposed to a Spring/Java service which I’m a lot more accustomed to. I need a bit more experience with Node in production before I reach a reasonable level of confidence in security matters.
In this case, however, the service I am writing is a purely public search engine wrapper, with only GET endpoints and no intrinsic vulnerabilities provided by the endpoints themselves (I have taken care of the obvious SQL injection stuff etc.). With that in mind, I don’t have any huge concerns in deploying the finished version to production.
Best crack on.