JavaScript Jabber26 Maalis 2019

JSJ 357: Event-Stream & Package Vulnerabilities with Richard Feldman and Hillel Wayne

Sponsors

Triplebyte
Sentry use the code “devchat” for $100 credit
Clubhouse
CacheFly

Panel

Aaron Frost
AJ O’Neal
Chris Ferdinandi
Joe Eames
Aimee Knight
Charles Max Wood

Joined by special guests: Hillel Wayne and Richard FeldmanEpisode SummaryIn this episode of JavaScript Jabber, Hillel Wayne kicks off the podcast by giving a short background about his work, explains the concepts of formal methods and the popular npm package - event-stream, in brief. The panelists then dive into the recent event-stream attack and discuss it at length, focusing on different package managers and their vulnerabilities, as well as the security issues associated with them. They debate on whether paying open source developers for their work, thereby leading to an increase in contribution, would eventually help in improving security or not. They finally talk about what can be done to fix certain dependencies and susceptibilities to prevent further attacks and if there are any solutions that can make things both convenient and secure for users.Links

PicksJoe Eames:

Stuffed Fables

Aimee Knight:

Aaron Frost:

JSConf US

Chris Ferdinandi:

Charles Max Wood:

Richard Feldman:

Hillel Wayne:

Special Guests: Hillel Wayne and Richard Feldman.

Support this podcast at — https://redcircle.com/javascript-jabber/donations

Privacy & Opt-Out: https://redcircle.com/privacy

Become a supporter of this podcast: https://www.spreaker.com/podcast/javascript-jabber--6102064/support.

Tämä jakso on lisätty Podme-palveluun avoimen RSS-syötteen kautta eikä se ole Podmen omaa tuotantoa. Siksi jakso saattaa sisältää mainontaa.

Jaksot(738)

TypeScript, Security, and Type Juggling with Ariel Shulman & Liran Tal - JSJ 679

In this episode, we dove headfirst into the swirling waters of TypeScript, its real-world use cases, and where it starts to fall short—especially when it comes to security. Joining us from sunny Tel A...

29 Touko 20251h 32min

Building Agentic AI Workflows with Matthew Henage - JSJ 678

In this episode, we sat down with full-stack developer and AI innovator Matthew Henage, creator of WAOS.ai (Web App Operating System) and the incredible storytelling platform SpeakMagic.ai. This conve...

22 Touko 20251h 3min

Reinventing Web Development with Brisa: A Conversation with Aral Roca - JSJ 677

In this week’s episode, it’s just me — Charles Max Wood — and I’m joined by the incredibly sharp and open-source-loving Aral Roca, direct from Barcelona! Aral’s the creator of Brisa, a new full-stack ...

15 Touko 20251h 5min

Building Enterprise Infrastructure with Bit & AI with Gilad Shoham - JSJ 676

In this episode, I (Steve Edwards) flew solo on the mic but had the pleasure of hosting a truly insightful conversation with Gilad Shoham, VP of Engineering at Bit.Cloud. Gilad brought the heat from I...

8 Touko 202558min

Replacing Create React App: Why Create TS Router App Is the Future of React Development - JSJ 675

We’ve been diving into the evolving landscape of React app development and why tools like Create TS Router App (CTA) are stepping up to fill the gap left by the deprecation of Create React App (CRA). ...

2 Touko 20251h 30min

Empowering Devs and Innovators: Inside Vercel’s Impact, Feature Flags, and the Rise of v0 - JsJ 674

In this episode, Lee Robinson, who works at Vercel, discusses the company’s impact on web development despite its relatively small size. He explains their approach to empowering small, founder-led tea...

21 Huhti 20251h 22min

Building 50 Apps in 50 Days: The Power of Boring Stacks with Kelvin - JsJ_673

In this episode, we dive into an engaging conversation with Kelvin, where we explore his approach to full-stack JavaScript development and the power of using simple, stable technologies to speed up ap...

14 Huhti 20251h

Breaking Into Tech: Lessons from My Career Path - JsJ 672

This episode is a little different—thanks to a U.S. holiday, I’m flying solo. But that just means we get to have a one-on-one chat!I dive into my career journey—not to brag, but to offer insights for ...

7 Huhti 202544min