My NPM package will eat your lunch


“We know a lot about vulnerable packages in NPM registry. But (surprisingly) few malicious packages have surfaced to date. Makes you feel like you don’t really need to protect your project against them. Well, Zbyszek Tenerowicz is here to destroy that cozy feeling >:D

Zbyszek will demonstrate how a malicious package could affect your application, even if some security measures are already in place. After the exploits, he’ll explain how to prevent the attacks without missing out on the benefits of packages using postinstall scripts for valid reasons.”

Browse SnykCon 2021 talks


Zbyszek Tenerowicz
JS security hobbyist, meet.js