Node.js Security Training
I’m not being paid to make this recommendation at all (I just happen to know Adam Baldwin), but if you build Node apps at all, you really should consider the new secure development training for Node offered by ^lift. Even if you can’t make one of the training sessions they offer, it is well worth your time to chat with them about the security of your Node app. If security is baked into the app and is part of the development process, the chances of avoiding an embarrassing security vulnerability are drastically reduced.
These guys know their stuff and work with organizations such as GitHub and npm, Inc.
Check it out: ^lift Node Security Training