JavaScript Jabber26 Mar 2019

JSJ 357: Event-Stream & Package Vulnerabilities with Richard Feldman and Hillel Wayne

Sponsors

Triplebyte
Sentry use the code “devchat” for $100 credit
Clubhouse
CacheFly

Panel

Aaron Frost
AJ O’Neal
Chris Ferdinandi
Joe Eames
Aimee Knight
Charles Max Wood

Joined by special guests: Hillel Wayne and Richard FeldmanEpisode SummaryIn this episode of JavaScript Jabber, Hillel Wayne kicks off the podcast by giving a short background about his work, explains the concepts of formal methods and the popular npm package - event-stream, in brief. The panelists then dive into the recent event-stream attack and discuss it at length, focusing on different package managers and their vulnerabilities, as well as the security issues associated with them. They debate on whether paying open source developers for their work, thereby leading to an increase in contribution, would eventually help in improving security or not. They finally talk about what can be done to fix certain dependencies and susceptibilities to prevent further attacks and if there are any solutions that can make things both convenient and secure for users.Links

PicksJoe Eames:

Stuffed Fables

Aimee Knight:

Aaron Frost:

JSConf US

Chris Ferdinandi:

Charles Max Wood:

Richard Feldman:

Hillel Wayne:

Special Guests: Hillel Wayne and Richard Feldman.

Support this podcast at — https://redcircle.com/javascript-jabber/donations

Privacy & Opt-Out: https://redcircle.com/privacy

Become a supporter of this podcast: https://www.spreaker.com/podcast/javascript-jabber--6102064/support.

Denne episoden er hentet fra en åpen RSS-feed og er ikke publisert av Podme. Den kan derfor inneholde annonser.

Episoder(738)

Opinionated Core Web Vitals - JSJ 647

Dan Shappir takes the lead this week to discuss Core Web Vitals and how Google is pushing the web to be faster.He leads Chuck, Aimee, and AJ through the ways that developers can measure and improve th...

3 Sep 20241h 10min

Beyond JavaScript: Master TypeScript at Scale at SquiggleConf - JSJ 646

Dan together with Josh Goldberg, a prominent open-source maintainer and author of "Learning TypeScript, dive into the world of TypeScript and JavaScript with a special focus on the upcoming Squiggleco...

28 Aug 20241h 10min

Deep Dive into Metrics and Monitoring with Prometheus and Grafana - JSJ 645

Dive into a fascinating discussion blending the worlds of literature, gaming, and tech. In this episode, Chuck and Dan explore the intriguing connections between The Hobbit and The Lord of the Rings, ...

20 Aug 20241h 25min

Crafting Code and Community: AI, LeetCode, and Meetups - JSJ 644

In this episode, they dive deep into the world of coding, meetups, and the evolving landscape of technical interviews. Join them as they explore the fascinating use of OpenAI's technology for coding a...

13 Aug 20241h 9min

Overcoming JavaScript Load Issues: Import Maps and Performance Enhancements - JSJ 643

In this episode, they dive deep into the intricate world of JavaScript loading and web performance. Join the panel with insightful discussions led by Dan, Charles, Steve, and special guest Yoav Weiss—...

8 Aug 20241h 35min

Personal Branding for Developers with Morad Stern - JSJ 642

The JSJ panel talks with Morad Stern from Wix about personal branding; what it is, why it’s important for developers, and how to build it.LinksObama asks America to learn computer scienceConfiguring A...

30 Jul 202451min

Making AI Accessible for Developers - JSJ 641

In this captivating episode, they dive deep into the world of AI, hands-on learning, and the evolving landscape of development with Steve Sewell from Builder.io. They explore the misconceptions about ...

23 Jul 20241h 25min

Framework Comparisons, Real User Metrics, and Effective Performance Tools - JSJ 640

In today's episode, they dive deep into web performance optimization and the strategies employed by our expert panel to achieve it. Join Dan, Steve, Charles, and guest Vinicius Dallacqua as they explo...

16 Jul 20241h 19min