Liran Tal
💚@nodejs Security WG member | Core team @meanjs, #dockly | Author: 📘Essential Node.js Security ✨ Engineering Manager @nielsen-oss | ❤️#opensource #javascript
@liran_tal
github.com/lirantal
source: https://octoverse.github.com
source: https://snyk.io/opensourcesecurity-2019
src: https://snyk.io/stateofossecurity/
Small World with High Risks:
A Study of Security Threats in the npm Ecosystem
src: www.usenix.org/conference/usenixsecurity19/presentation/zimmerman
2019
Jan 2017
May 2018
Jul 2018
Nov 2018
package-lock.json
/index.js
/package.json
/README.md
/package-lock.json
source: https://snyk.io/blog/making-sense-of-package-lock-files-in-the-npm-ecosystem/
/index.js
/package.json
/README.md
/node_modules/
/node_modules/chalk/
/node_modules/chalk/package.json
source: https://snyk.io/blog/making-sense-of-package-lock-files-in-the-npm-ecosystem/
package.json
image source: https://www.businessintelligenceinfo.com/tag/magic/page/2
package.json
source: https://snyk.io/blog/how-much-do-we-really-know-about-how-packages-behave-on-the-npm-registry
By Liran Tal