Episode 22: Secure Javascript with npm with Adam Baldwin
Adam Baldwin is the Director of Security at npm, Inc., so naturally we're talking about how to best handle security issues in our projects.
Recording date: 2019-01-31
John Papa @John_Papa
Ward Bell @WardBell
Adam Baldwin @adam_baldwin
Resources:
- Details about the Event Stream Incident
- News about the Event Stream Incident
- Greenkeeper.io
- Package Locks
- Snyk.io
- npm Audit
- Comparing npm audit with Snyk
- Private Packages
- Ways to Have Your Private npm Registry
- The Rogue Gallery of Cybersecurity Bad Actors
- FaceTime Audio Bug
- Two Factor Authentication
- HaveIBeenPwned
- How Serverless Works to Manage HaveIBeenPwned
Someone to follow
- @RachelTobac
- @Fox0x01
- @ReyBango
- TroyHunt
- @ManfredSteyer / Softwarearchitekt.at
- @ShmuelaJ / NG-Girls.org
- @JenLooper
Timejumps
- 00:57 Guest Introduction
- 02:23 Javascript security in the news
- 05:29 Should we be worried about this happening again?
- 06:54 What's the best course of action when you see security warnings?
- 08:56 What is Greenkeeper?
- 10:18 Sponsor: NativeScript
- 10:52 Comparing npm audit and Snyk
- 14:33 What do people who want to have a corporate account do?
- 21:22 Using a real world example
- 24:08 Are there times where it can't figure out what to do?
- 26:16 Isn't there a way to just keep malware out of the registry?
- 28:22 Sponsor: IdeaBlade
- 29:23 What's a bad actor?
- 34:17 FaceTime group call bug
- 36:05 Recommended tips for security
- 39:34 What's the state of 2 factor auth?
- 42:31 When we pass software to clients, how can we secure things?
- 45:08 Someone to follow