terriajs-server
terriajs-server copied to clipboard
Investigate an alternative for `express-brute`
express-brute
is now 8 years old, the version of its underscore
dependency has a critical security warning. For now, we have put in place yarn resolution rules to force a safer version. However we could look for an alternative solution, some options include:
- forking
express-brute
- investigate using https://www.npmjs.com/package/express-rate-limit
One thing to consider is some of the server config params share the same names as express-brute options. If we have to avoid a breaking change, then we have to manage that somehow.