@liran_tal
github.com/lirantal
src: https://snyk.io/opensourcesecurity-2019
Small World with High Risks:
A Study of Security Threats in the npm Ecosystem
src: www.usenix.org/conference/usenixsecurity19/presentation/zimmerman
2019
Jan 2017
$ npm install crossenv --save
crossenv/package.json
crossenv/package-setup.js
src: https://snyk.io/vuln
Jan 2017
May 2018
http-fetch-cookies
└── express-cookies
    └── getcookies
mailparser
└── http-fetch-cookies
    └── express-cookies
        └── getcookies
Jan 2017
May 2018
Jul 2018
src: https://github.com/ChALkeR/notes
Jan 2017
May 2018
Jul 2018
Nov 2018
src: https://snyk.io/blog/a-post-mortem-of-the-malicious-event-stream-backdoor
(CC BY-NC-SA 2.0)
Rolling out security fixes
The security blindspot of
lockfile attack vectors
src: https://npmjs.com/package/lockfile-lint
$ npm profile enable-2fa
2FA successfully enabled.
Below are your recovery codes,
please print these out.