Zurück

What's Really Going on Inside Your Node_Modules Folder [Remote Talk]

Do you know what's really going on in your node_modules folder? Software supply chain attacks have exploded over the past year and they're only accelerating in 2022 and beyond. We'll dive into examples of recent supply chain attacks and what concrete steps you can take to protect your team from this emerging threat.

[The Speaker will present his talk live remotely and do a moderated Q&A session afterwards]

Vorkenntnisse

Interest in security
Familiar with JavaScript development practices
Have used open source before
package.json, node_modules folder

Lernziele

1-minute teaser video: https://www.youtube.com/watch?v=EIEVrjADiDQ
Understand the scope of the supply chain threats against the open source ecosystem, specifically with a focus on npm and JavaScript
Review of our work to audit every open source package on npm to detect the following types of attacks: malware, typo-squats, hidden code, misleading packages, permission creep
Specific examples and code walk-throughs of actual malware that was found on npm
Discussion of existing methods and tools for detecting supply chain attacks against open source, including limitations
Introduction of new open source tool which help detect supply chain attacks in real-time

Speaker

Feross Aboukhadijeh is the founder and CEO of Socket, where he's working on a new approach to supply chain security by auditing every package on npm to detect suspicious changes and block supply chain attacks without slowing the development process. Feross is the author and maintainer of WebTorrent, StandardJS, and hundreds of other open source projects. His software is downloaded 500+ million times per month.

Jetzt Tickets sichern

enterJS-Newsletter

Du möchtest über die enterJS
auf dem Laufenden gehalten werden?

Anmelden