All your packages are belong to us - Protecting your npm dependencies - Chris Laughlin | WFH Conf

Video description

As technology advances and the applications we build become more complex, the tools that we use to secure the data shared within these products need to follow suit. We need to ensure that we deliver a high standard of protection to users, allowing them to seamlessly use the product without thinking about security or any potential threat. Even the thought of a risk could lose us our customers’ trust, and with it millions in investment, which in turn threatens the entire business (including our jobs).

A security breach is a very real problem, both personally as an individual and professionally in a business sense. But we as developers can help fix this problem. In recent years there have been a number of incidents involving npm dependencies pushing vulnerabilities to consumers or exposing data. This led to the npm team purchasing a security tool to prevent future incidents. These incidents can easily be stopped and prevented from happening again. npm is the first main carrier of personal information and should therefore be where we start to repair these issues.

*****
Recorded March 26th 2020 | Work From Home Conf
Organised by James Snell - Head of NearForm Research
In partnership with NearForm & GitHub.

More details: https://community.nearform.com/wfh-conf
