Web Rush

Episode 22: Secure Javascript with npm with Adam Baldwin

Episode Summary

Adam Baldwin is the Director of Security at npm, inc. and so naturally we're talking about how to best handle security issues in our projects.

Episode Notes

Recording date: 2019-01-31

John Papa @John_Papa

Ward Bell @WardBell

Adam Baldwin @adam_baldwin

Resources:

• Details about the Event Stream Incident
• News about the Event Stream Incident
• Greenkeeper.io
• Package Locks
• Synk.io
• npm Audit
• Comparing npm audit with Snyk
• Private Packages
• Ways to Have Your Private npm Registry
• The Rogue Gallery of Cybersecurity Bad Actors
• FaceTime Audio Bug
• Two Factor Authentication
• HaveIBeenPwned
• How Serverless Works to Manage HaveIBeenPwned

Someone to follow

• @RachelTobac
• @Fox0x01
• @ReyBango
• TroyHunt
• @ManfredSteyer / Softwarearchitekt.at
• @ShmuelaJ / NG-Girls.org
• @JenLooper

Timejumps

• 00:57 Guest Introduction
• 02:23 Javascript security in the news
• 05:29 Should we be worried about this happening again?
• 06:54 What's the best course of action when you see security warnings?
• 08:56 What is Greenkeeper?
• 10:18 Sponsor: Nativescript
• 10:52 Comparing npm audit and snyk
• 14:33 What do people who want to have a corporate acccount do?
• 21:22 Using a real world example
• 24:08 Are there times where it can't figure out what to do?
• 26:16 Isn't there a way to just keep malware out of the registry?
• 28:22 Sponsor: IdeaBlade
• 29:23 What's a bad actor?
• 34:17 FaceTime group call bug
• 36:05 Recommended tips for security
• 39:34 What's the state of 2 factor auth?
• 42:31 When we pass software to clients, how can we secure things?
• 45:08 Someone to follow