Liran Tal
💚@nodejs Security WG member | Core team @meanjs, #dockly | Author: 📘Essential Node.js Security ✨ Engineering Manager @nielsen-oss | ❤️#opensource #javascript
@liran_tal
github.com/lirantal
src: https://snyk.io/opensourcesecurity-2019
Jan 2015
Jan 2017
$ npm install crossenv --save
crossenv/package.json
crossenv/package-setup.js
src: https://snyk.io/vuln
May 2018
http-fetch-cookies
└── express-cookies
    └── getcookies

mailparser
└── http-fetch-cookies
    └── express-cookies
        └── getcookies
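Added example (not from the slides or the speaker's own code): a small Node.js script that walks a package-lock.json v2/v3 `packages` map and returns every dependency chain leading to a named package, so a transitive dependency like getcookies buried under mailparser is visible during review rather than only the top-level list. The lockfile data is constructed to mirror the tree above; the version numbers are placeholders.

```javascript
// Added example: find every chain in a lockfile that ends at a given package.
// Handles npm's nested node_modules resolution and guards against cycles.

// Constructed lockfile fragment: "" is the project root, other keys are
// node_modules paths (lockfileVersion 2/3 layout). Versions are placeholders.
const lock = {
  packages: {
    '': { dependencies: { mailparser: '0.0.0' } },
    'node_modules/mailparser': { version: '0.0.0', dependencies: { 'http-fetch-cookies': '0.0.0' } },
    'node_modules/http-fetch-cookies': { version: '0.0.0', dependencies: { 'express-cookies': '0.0.0' } },
    'node_modules/express-cookies': { version: '0.0.0', dependencies: { getcookies: '0.0.0' } },
    'node_modules/getcookies': { version: '0.0.0' },
  },
};

// Resolve the lock entry for `name` as required from `fromPath`: look for a
// nested copy first, then walk up the node_modules hierarchy to the root.
function resolveEntry(lockData, fromPath, name) {
  let base = fromPath;
  for (;;) {
    const candidate = base ? `${base}/node_modules/${name}` : `node_modules/${name}`;
    if (lockData.packages[candidate]) return candidate;
    if (!base) return null; // already checked the root level
    const idx = base.lastIndexOf('/node_modules/');
    base = idx === -1 ? '' : base.slice(0, idx);
  }
}

// Depth-first walk from the root; returns every chain (array of package names)
// that ends at `target`. Skipping names already in the chain prevents loops.
function findDependencyChains(lockData, target) {
  const chains = [];
  function walk(path, chain) {
    const deps = Object.keys(lockData.packages[path]?.dependencies ?? {});
    for (const dep of deps) {
      const next = resolveEntry(lockData, path, dep);
      if (!next || chain.includes(dep)) continue;
      const nextChain = [...chain, dep];
      if (dep === target) chains.push(nextChain);
      walk(next, nextChain);
    }
  }
  walk('', []);
  return chains;
}

console.log(findDependencyChains(lock, 'getcookies').map((c) => c.join(' > ')));
```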
Jul 2018
src: https://github.com/ChALkeR/notes
Nov 2018
src: https://snyk.io/blog/a-post-mortem-of-the-malicious-event-stream-backdoor
$ npm profile enable-2fa
2FA successfully enabled.
Below are your recovery codes,
please print these out.
Source: The State of Open Source Security Report 2019, Snyk
https://snyk.io/opensourcesecurity-2019/
By Liran Tal
With a great ecosystem comes great responsibility, and application security is not one to wave off. Let's review some black clouds of security horror stories in the Node.js ecosystem, learn how malicious npm packages work and how to avoid them, and apply the npm and Node.js security best practices every developer should know, with hands-on live hacking.