My NPM package will eat your lunch

Description:

"We know a lot about vulnerable packages in NPM registry. But (surprisingly) few malicious packages have surfaced to date. Makes you feel like you don't really need to protect your project against them. Well, Zbyszek Tenerowicz is here to destroy that cozy feeling >:D

Zbyszek will demonstrate how a malicious package could affect your application, even if some security measures are already in place. After the exploits, he'll explain how to prevent the attacks without missing out on the benefits of packages using postinstall scripts for valid reasons."

Speakers:

Zbyszek Tenerowicz

JS security hobbyist, undefined

Snyk is a developer security platform. Integrating directly into development tools, workflows, and automation pipelines, Snyk makes it easy for teams to find, prioritize, and fix security vulnerabilities in code, dependencies, containers, and infrastructure as code. Supported by industry-leading application and security intelligence, Snyk puts security expertise in any developer’s toolkit.

Start free Book a live demo

Product

Resources

Documentation Snyk API Docs API status Disclosed vulnerabilities Support portal & FAQ’s Blog Security fundamentals Resources for security leaders Resources for ethical hackers Vulnerability Database Snyk OSS Advisor Snyk Top 10 Videos Customer resources

Company

About Customers Careers Events Snyk for government Press kit Security & trust Legal terms Privacy For California residents: Do not sell my personal information Website Terms of Use

Connect

Book a live demo Contact us Support Report a new vuln

Security

Application Security Container Security Supply Chain Security JavaScript Security Open Source Security AWS Security Secure SDLC Security posture Secure coding Ethical Hacking AI in cybersecurity Code Checker Python Enterprise Cybersecurity JavaScript Snyk With GitHub Snyk vs Veracode Snyk vs Checkmarx