A discussion on the implications of blindly using NPM
Recorded on Tuesday, November 27, 2018
Synopsis
- The nature of NPM
- The problem with EventStream
- How do we guard against malicious packages?
- Is this a problem with NuGet too?
- Does open source help?
- What is a project owner's responsibility when handing off a package?
- Why JavaScript makes this a hard problem
- Plugging analyzers into the build pipeline
- Being proactive vs. being reactive
- Architecting to minimize exposure
- The StackOverflow effect
- When implicit trust is baked into the learning path
- The organization's responsibilities