# Node.js security

* <https://app.snyk.io> to know which package have known vulnerabilities
* Express security checklist&#x20;
  * <https://expressjs.com/en/advanced/best-practice-security.html#use-helmet>
  * [https://blog.risingstack.com/node-js-security-checklist](https://blog.risingstack.com/node-js-security-checklist/)
* Hydra <https://github.com/vanhauser-thc/thc-hydra> to simulate attacks
* Google recaptcha v3 calculate probability of user being robot without interrupting user and by analyzing the user behavior on the app <https://developers.google.com/recaptcha/docs/v3>