OP here, lots of reasons. I reviewed a book called "Node Security".

- The level of technical quality of the book was not what I would expect for ~$40.
- I was arguably naive and underqualified (although probably qualified enough for the level the book ended up being), having some Node and some security experience.
- The author was probably more naive and no more qualified, having no security experience.
- The book ended up becoming a list of tutorials about how to use certain libraries for authentication/etc. in Node apps.
- My main feedback was that I felt an additional last chapter should be added that showed how to deploy a Node app behind Nginx with a basic security setup in production. I felt this was in line with the very (in my opinion overly) practical nature of the book; I also felt that "deploy behind Nginx" or something along those lines was one of the most obvious things to do in terms of security, and a real quick win. They made it clear that adding a chapter, however short, was out of the question.
- Really the only thing I was encouraged to do was to test the code examples to make sure they worked. I did find a security vulnerability in one of them, and that was fixed, but that was probably the most meaningful change I had an impact on.