colleend.insecure-transport-nodejs

Author: r2c
Download count: 4,889

Rule pack for detecting insecure transport in Node.js


Rules (8)

returntocorp

Checks for setting the environment variable NODE_TLS_REJECT_UNAUTHORIZED to 0, which disables TLS certificate verification. This should only be used for debugging purposes. Setting the option rejectUnauthorized to false bypasses verification against the list of trusted CAs, which also leads to insecure transport. Both settings leave connections vulnerable to man-in-the-middle (MITM) attacks and should not be used.
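
The two settings named above, caught by a simplified line-based scanner. This is an added example, not the rule pack's own Semgrep patterns; the names CHECKS, findInsecureTls and SAMPLE and the finding ids are hypothetical, and the sample source lines are constructed.

```javascript
// Added example: a regex approximation of the checks described above.
// It works line by line, so it misses multi-line or aliased assignments
// that a syntax-aware tool would catch.
const CHECKS = [
  {
    id: 'env-tls-reject-unauthorized-0', // hypothetical finding id
    // Assignment (not comparison) of 0, '0' or "0", dot or bracket access.
    re: /process\.env(?:\.NODE_TLS_REJECT_UNAUTHORIZED|\[\s*['"]NODE_TLS_REJECT_UNAUTHORIZED['"]\s*\])\s*=(?!=)\s*['"]?0['"]?(?![\w.])/,
  },
  {
    id: 'reject-unauthorized-false', // hypothetical finding id
    // Option-object key (rejectUnauthorized: false) or property assignment.
    re: /\brejectUnauthorized['"]?\s*(?::|=(?!=))\s*false\b/,
  },
];

// Returns one finding per matching line: { line, id, text }.
function findInsecureTls(source) {
  const findings = [];
  source.split(/\r?\n/).forEach((raw, i) => {
    const text = raw.trim();
    if (/^(\/\/|\/\*|\*)/.test(text)) return; // skip whole-line comments
    for (const { id, re } of CHECKS) {
      if (re.test(text)) findings.push({ line: i + 1, id, text });
    }
  });
  return findings;
}

// Constructed sample input: three insecure lines, three that must not match.
const SAMPLE = [
  "process.env.NODE_TLS_REJECT_UNAUTHORIZED = '0';",
  "process.env['NODE_TLS_REJECT_UNAUTHORIZED'] = 0",
  "const agent = new https.Agent({ rejectUnauthorized: false });",
  "if (process.env.NODE_TLS_REJECT_UNAUTHORIZED === '0') warn();",
  "const ok = new https.Agent({ rejectUnauthorized: true, ca });",
  "// rejectUnauthorized: false was removed here",
].join('\n');

for (const f of findInsecureTls(SAMPLE)) {
  console.log(`line ${f.line}: ${f.id}: ${f.text}`);
}
```

Lines 4 to 6 of the sample stay unflagged: reading the variable in a comparison, keeping verification on with a supplied CA, and a comment are not insecure settings.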