Several incidents, such as `left-pad`, `eslint-scope` and `event-stream`, have shown how easily a couple of `npm install` commands can result in a broken or compromised build. For better or for worse, in the JS ecosystem it is very easy to pull in dependencies and to publish your own packages to the de-facto standard npm registry. This makes pulling in vulnerable or unstable code extremely easy. In this quickie, we will blaze through these incidents and how they could happen. After learning from them, we will present avenues to a safer and saner web development ecosystem.