For for my Understanding, I want to know if, since NodeJS is based on JavaScript, is there a possibility the end user can hack the code in a way that causes a security vulnerability.
What I mean is since the NodeJS is JavaScript, and JavaScript usually runs at browser, So is there a possibility that the end user who is access the application, can look into the business logic of the application?
In particular do any of JavaScript's known security vulnerabilities or precautions in browser based coding extend to server side programming? Or are there any other specific vulnerabilities peculiar to NodeJS that are not found in other server side languages?
Your javascript code running on node.js is as safe as other server side technologies as this code cannot be actually accessed by the user directly.
But lack of knowledge or errors by the person writing the code can result in security vulnerabilities in any language / platform.