# Security best practices When using Node.js and *npm* on AL2023, follow the upstream [Node.js security best practices](https://nodejs.org/learn/getting-started/security-best-practices) guide. It covers application-level threats including supply chain attacks, and mitigations such as using lockfiles and disabling lifecycle scripts.