What's Really Going on Inside Your node_modules Folder [Remote Talk]

Do you know what's really going on in your node_modules folder? Software supply chain attacks have exploded over the past year and they're only accelerating in 2022 and beyond. We'll dive into examples of recent supply chain attacks and what concrete steps you can take to protect your team from this emerging threat.

[The Speaker will present his talk live remotely and do a moderated Q&A session afterwards]

Prerequisites

  • Interest in security
  • Familiar with JavaScript development practices
  • Have used open source before
  • Familiar with package.json and the node_modules folder

Learning objectives

  • 1-minute teaser video: https://www.youtube.com/watch?v=EIEVrjADiDQ
  • Understand the scope of the supply chain threats against the open source ecosystem, specifically with a focus on npm and JavaScript
  • Review of our work to audit every open source package on npm to detect the following types of attacks: malware, typo-squats, hidden code, misleading packages, permission creep
  • Specific examples and code walk-throughs of actual malware that was found on npm
  • Discussion of existing methods and tools for detecting supply chain attacks against open source, including limitations
  • Introduction of a new open source tool that helps detect supply chain attacks in real time

Speaker


Feross Aboukhadijeh
Feross Aboukhadijeh is the founder and CEO of Socket, where he's working on a new approach to supply chain security by auditing every package on npm to detect suspicious changes and block supply chain attacks without slowing the development process. Feross is the author and maintainer of WebTorrent, StandardJS, and hundreds of other open source projects. His software is downloaded 500+ million times per month.
