Skip to main content

n8n-code-javascript

Facilitates writing JavaScript code in n8n Code nodes for data processing and API interactions.

Install this skill

or
20/100

Security score

The n8n-code-javascript skill was audited on May 15, 2026 and we found 22 security issues across 3 threat categories, including 1 high-severity. Review the findings below before installing.

Categories Tested

Security Issues

medium line 410

Template literal with variable interpolation in command context

SourceSKILL.md
410const value = `${$json.field}`;
medium line 606

Template literal with variable interpolation in command context

SourceSKILL.md
606console.log(`Processing ${items.length} items`);
high line 677

Template literal with variable interpolation in command context

SourceSKILL.md
677- [ ] **No n8n expressions** - Use JavaScript template literals: `` `${value}` ``
medium line 37

Webhook reference - potential data exfiltration

SourceSKILL.md
374. **CRITICAL**: Webhook data is under `$json.body` (not `$json` directly)
low line 173

Webhook reference - potential data exfiltration

SourceSKILL.md
173const webhookData = $node["Webhook"].json;
low line 179

Webhook reference - potential data exfiltration

SourceSKILL.md
179webhook: webhookData,
medium line 190

Webhook reference - potential data exfiltration

SourceSKILL.md
190## Critical: Webhook Data Structure
medium line 192

Webhook reference - potential data exfiltration

SourceSKILL.md
192**MOST COMMON MISTAKE**: Webhook data is nested under `.body`
low line 199

Webhook reference - potential data exfiltration

SourceSKILL.md
199// ✅ CORRECT - Webhook data is under .body
low line 204

Webhook reference - potential data exfiltration

SourceSKILL.md
204const webhookData = $input.first().json.body;
low line 205

Webhook reference - potential data exfiltration

SourceSKILL.md
205const name = webhookData.name;
medium line 208

Webhook reference - potential data exfiltration

SourceSKILL.md
208**Why**: Webhook node wraps all request data under `body` property. This includes POST data, query parameters, and JSON payloads.
medium line 210

Webhook reference - potential data exfiltration

SourceSKILL.md
210**See**: DATA_ACCESS.md for full webhook structure details
medium line 289

Webhook reference - potential data exfiltration

SourceSKILL.md
289Combine data from multiple APIs, webhooks, or nodes
medium line 442

Webhook reference - potential data exfiltration

SourceSKILL.md
442### #5: Webhook Body Nesting
low line 445

Webhook reference - potential data exfiltration

SourceSKILL.md
445// ❌ WRONG: Direct access to webhook data
low line 448

Webhook reference - potential data exfiltration

SourceSKILL.md
448// ✅ CORRECT: Webhook data under .body
medium line 659

Webhook reference - potential data exfiltration

SourceSKILL.md
659- Webhook → Code → API pattern
medium line 679

Webhook reference - potential data exfiltration

SourceSKILL.md
679- [ ] **Webhook data** - Access via `.body` if from webhook
low line 465

External URL reference

SourceSKILL.md
465url: 'https://api.example.com/data',
low line 544

External URL reference

SourceSKILL.md
544url: 'https://api.example.com/data'
low line 697

External URL reference

SourceSKILL.md
697- Luxon Documentation: https://moment.github.io/luxon/
Scanned on May 15, 2026
View Security Dashboard
Installation guide →
GitHub Stars 37.6K
Rate this skill
Categorydevelopment
UpdatedMay 20, 2026
apibackenddata-engineerbackend-developergrowth-marketern8ndevelopmentmarketing
sickn33/antigravity-awesome-skills