Node.js Goof
Node.js Goof is a vulnerable Node.js demo application containing multiple security vulnerabilities for testing and educational purposes.

Node.js Goof Description
Node.js Goof is a vulnerable Node.js demonstration application designed for security testing and educational purposes. The application contains multiple types of security vulnerabilities including exploitable packages with known vulnerabilities, Docker image scanning capabilities for base images with vulnerable system libraries, and runtime alerts for detecting invocation of vulnerable functions in open source dependencies.

The application includes various code-level vulnerabilities such as:
- Open Redirect vulnerabilities
- NoSQL Injection attacks
- Code Injection flaws
- Cross-site Scripting (XSS) vulnerabilities
- Information exposure through hardcoded values
- Security misconfigurations that expose server information
- Insecure HTTP protocol communication
- Local File Inclusion and Path Traversal vulnerabilities
- Regular expression denial of service vulnerabilities

The tool requires MongoDB version 3 for proper functionality and can be deployed on various platforms including Heroku and CloudFoundry with appropriate MongoDB service attachments. It provides step-by-step demonstrations of each vulnerability type and includes cleanup functionality for managing test data.
Node.js Goof FAQ
Common questions about Node.js Goof including features, pricing, alternatives, and user reviews.
Node.js Goof is a vulnerable Node.js demo application containing multiple security vulnerabilities for testing and educational purposes. It is an Application Security solution designed to help security teams with Docker, Education, Security Testing.