Guarding the JavaScript Supply Chain: Preventing NPM Attacks with Feross Aboukhadijeh - JSJ 695

Hey everyone—it’s Steve Edwards here, and in this episode of JavaScript Jabber, I’m joined by returning guest Feross Aboukhadijeh, founder of Socket.dev, for a deep dive into the dark and fascinating world of open source supply chain security. From phishing campaigns targeting top NPM maintainers to the now-infamous Chalk library compromise, we unpack the latest wave of JavaScript package attacks and what developers can learn from them.

Feross explains how some hackers are even using AI tools like Claude and Gemini as part of their payloads—and how defenders like Socket are fighting back with AI-powered analysis of their own. We also dive into GitHub Actions vulnerabilities, the role of two-factor authentication, and the growing need for “phishing-resistant 2FA.” Whether you’re an open source maintainer or just someone who runs npm install a little too often, this episode will open your eyes to how much happens behind the scenes to keep your code safe.

🔗 Links & Resources

Become a supporter of this podcast: https://www.spreaker.com/podcast/javascript-jabber--6102064/support.

Episodes (737)

Making Monorepos Breakproof with Anton Stoychev - JSJ 694

In this solo-hosted episode, I (Steve Edwards) dive deep into the world of modern monorepos with special guest Anton Stoychev from Yotpo. Anton shares his journey from the early days of PHP and IE6 ni...

24 Oct 2025, 1h 13min

Spec-Driven Development and the Future of AI IDEs with AWS’s Kiro - JSJ 693

In this episode of JavaScript Jabber, I sit down with AWS’s Clare Liguori and Erik Hanchett to talk about Kiro, a brand-new AI-powered IDE that’s reimagining the way developers build software. We dive...

9 Oct 2025, 43min

Modern JavaScript Testing: Integration, Contract Testing & AI Tools - JSJ 692

In this episode of JavaScript Jabber, I sit down with Dan Shapir and our special guest, Yoni Goldberg, to dive deep into the ever-evolving world of JavaScript testing. Yoni, a consultant who’s worked ...

29 Sep 2025, 1h 6min

The Comeback of RPC: SolidJS, TanStack, and the Future of JavaScript Frameworks with Ryan Carniato & Tanner Linsley - JSJ 691

In this episode of JavaScript Jabber, I sit down with Ryan Carniato, creator of SolidJS, and Tanner Linsley, the force behind TanStack, for a deep-dive conversation on the resurgence of Remote Procedu...

22 Sep 2025, 1h 29min

Exploring Vibe Coding and the Future of Product Management with Gunnar Berger - JSJ 690

In this episode of JavaScript Jabber, I sit down with Amazon product leader Gunnar Berger to dive into the fast-evolving world of vibe coding and how it’s reshaping the relationship between developers...

12 Sep 2025, 1h 13min

How to Use Web Components, Iframes, and Module Federation for Multi-Framework Apps - JSJ 689

This week on JavaScript Jabber, we dive deep into the challenges and opportunities of mixing and matching frontend frameworks in modern applications. I’m joined by Dan Shapir, Steve Edwards, and our s...

2 Sep 2025, 1h 17min

Why We’re Building the Front End Wrong (and How to Fix It) - JSJ 688

In this episode of JavaScript Jabber, I sit down with Delaney Gilliland to dive into why most of us are building the front end wrong—and what a faster, leaner, and simpler alternative could look like....

28 Aug 2025, 46min

Vibe Coding: Building Faster with AI-Powered Development - JSJ 687

In this episode of JavaScript Jabber, we dive deep into the world of vibe coding—what it means, how it works in practice, and why it’s changing the way developers build software. I’m joined by Anthony...

22 Aug 2025, 1h 11min
