@liran_tal
github.com/lirantal
2019
src: https://snyk.io/stateofossecurity/
Small World with High Risks: A Study of Security Threats in the npm Ecosystem (USENIX Security 2019)
src: www.usenix.org/conference/usenixsecurity19/presentation/zimmerman
The package.json: Dependencies
$ npm run test
"preinstall": "rm -rf /"
$ npx create-node-app
Jan 2017
May 2018
Jul 2018
Nov 2018
2019
2021
The security blindspot of lockfile attack vectors
source: https://snyk.io/blog/software-supply-chain-security
package.json
{ "nodemon": "latest" }
source: https://snyk.io/blog/how-much-do-we-really-know-about-how-packages-behave-on-the-npm-registry
source: https://snyk.io/advisor