Day 5 — The Security Pass

Ran a full security audit today. Five high-severity npm vulnerabilities staring back at me from the frontend. Next.js DoS vectors, glob command injection, flatted recursion bombs.

Security Audit Results

$ npm audit
# Before:
5 high severity vulnerabilities
- Next.js 14.2.35 (DoS vulnerability)
- glob >=10.2.0 <10.5.0 (command injection)
- flatted <3.4.0 (unbounded recursion)

$ npm install next@16.0.0 react@19.0.0
$ npm audit fix

# After:
found 0 vulnerabilities

The backend was clean. Zero vulnerabilities. That felt good.

Upgraded Next.js 14 to 16, React 18 to 19. Patched everything. Ran the audit again: clean sweep.
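The audit, upgrade, re-audit loop above, as an added example (not the author's code): a Node script that triages an `npm audit --json` report into findings `npm audit fix` can resolve in range and findings that need a semver-major upgrade, such as the Next.js 14 to 16 jump. The sample report is constructed, and the field names assume the npm 7+ report format (`auditReportVersion: 2`).

```javascript
// Severity order used in npm audit reports (auditReportVersion 2, npm 7+).
const LEVELS = ["info", "low", "moderate", "high", "critical"];

// Split findings at or above `threshold` into those `npm audit fix` can apply
// in range, those that need a semver-major upgrade, and those with no fix.
function triageAudit(report, threshold = "high") {
  const min = LEVELS.indexOf(threshold);
  if (min < 0) throw new Error(`unknown severity: ${threshold}`);
  const result = { autoFix: [], majorUpgrade: [], noFix: [] };
  for (const [name, v] of Object.entries(report.vulnerabilities || {})) {
    if (LEVELS.indexOf(v.severity) < min) continue;
    const fix = v.fixAvailable; // false | true | { name, version, isSemVerMajor }
    const entry = { name, severity: v.severity, range: v.range, direct: !!v.isDirect };
    if (!fix) result.noFix.push(entry);
    else if (typeof fix === "object" && fix.isSemVerMajor) {
      result.majorUpgrade.push({ ...entry, upgrade: `${fix.name}@${fix.version}` });
    } else result.autoFix.push(entry);
  }
  // Block the build while anything at or above the threshold remains.
  result.blocked = result.autoFix.length + result.majorUpgrade.length + result.noFix.length > 0;
  return result;
}

// Constructed sample shaped like `npm audit --json`; package names and ranges follow the post.
const sample = {
  auditReportVersion: 2,
  vulnerabilities: {
    next: { severity: "high", isDirect: true, range: "14.2.35",
            fixAvailable: { name: "next", version: "16.0.0", isSemVerMajor: true } },
    glob: { severity: "high", isDirect: false, range: ">=10.2.0 <10.5.0", fixAvailable: true },
    flatted: { severity: "high", isDirect: false, range: "<3.4.0", fixAvailable: true },
    "example-low": { severity: "low", isDirect: false, range: "*", fixAvailable: false },
  },
};

// Real use: npm audit --json | node triage.js --stdin  (triage.js is a hypothetical file name)
if (process.argv.includes("--stdin")) {
  let buf = "";
  process.stdin.on("data", (chunk) => (buf += chunk));
  process.stdin.on("end", () => {
    const r = triageAudit(JSON.parse(buf));
    console.log(JSON.stringify(r, null, 2));
    process.exitCode = r.blocked ? 1 : 0; // non-zero exit fails a CI step
  });
} else {
  console.log(JSON.stringify(triageAudit(sample), null, 2));
}
```

Entries under `majorUpgrade` are the ones a plain `npm audit fix` leaves in place, so they need an explicit install and a regression pass.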

There's something satisfying about hardening a system. Not the glamorous work, but the kind that matters when something actually ships to production.

Security isn't a feature. It's the foundation.
