Artwork

Sisällön tarjoaa Changelog Media. Changelog Media tai sen podcast-alustan kumppani lataa ja toimittaa kaiken podcast-sisällön, mukaan lukien jaksot, grafiikat ja podcast-kuvaukset. Jos uskot jonkun käyttävän tekijänoikeudella suojattua teostasi ilman lupaasi, voit seurata tässä https://fi.player.fm/legal kuvattua prosessia.
Player FM - Podcast-sovellus
Siirry offline-tilaan Player FM avulla!

Making "safe npm"

1:02:06
 
Jaa
 

Manage episode 361329481 series 1391411
Sisällön tarjoaa Changelog Media. Changelog Media tai sen podcast-alustan kumppani lataa ja toimittaa kaiken podcast-sisällön, mukaan lukien jaksot, grafiikat ja podcast-kuvaukset. Jos uskot jonkun käyttävän tekijänoikeudella suojattua teostasi ilman lupaasi, voit seurata tässä https://fi.player.fm/legal kuvattua prosessia.

Feross and his team at Socket recently shipped a wrapper library for the ubiquitous npm package manager’s command-line interface that brings enhanced security when you need it most: before executing any code

Bradly Farias lead this effort, so Jerod & Chris invited him on the show to learn all about it.

Leave us a comment

Changelog++ members save 3 minutes on this episode because they made the ads disappear. Join today!

Sponsors:

  • FastlyOur bandwidth partner. Fastly powers fast, secure, and scalable digital experiences. Move beyond your content delivery network to their powerful edge cloud platform. Learn more at fastly.com
  • Fly.ioThe home of Changelog.com — Deploy your apps and databases close to your users. In minutes you can run your Ruby, Go, Node, Deno, Python, or Elixir app (and databases!) all over the world. No ops required. Learn more at fly.io/changelog and check out the speedrun in their docs.
  • Changelog News – A podcast+newsletter combo that’s brief, entertaining & always on-point. Subscribe today.
  • KBall Coaching – Free exploratory coaching sessions from JS Party co-host KBall! Click here to get started

Featuring:

Show Notes:

Something missing or broken? PRs welcome!

  continue reading

Luvut

1. It's party time, y'all (00:00:00)

2. Welcoming Bradley to the pod (00:01:03)

3. Intro to "safe npm" (00:02:20)

4. Socket in your CLI (00:05:08)

5. Devs care about different things (00:11:08)

6. Appetite for disruption (00:12:12)

7. What we want vs what we need (00:14:15)

8. Sponsor: Changelog News (00:19:43)

9. Building an npm wrapper (00:20:43)

10. Open source & security concerns (00:30:51)

11. Sponsor: KBall Coaching (00:35:02)

12. Using the npm wrapper (00:35:44)

13. Working with yarn (00:37:27)

14. npm uninstall installs stuff?! (00:40:14)

15. How Socket deals with this (00:43:32)

16. Is it vendoring npm or no? (00:45:04)

17. Windows (non) support (00:46:56)

18. What's next (00:50:21)

19. Wrapping up (00:53:50)

20. Next up on the pod (00:54:12)

21. ++BONUS FOR ALL (00:55:31)

334 jaksoa

Artwork
iconJaa
 
Manage episode 361329481 series 1391411
Sisällön tarjoaa Changelog Media. Changelog Media tai sen podcast-alustan kumppani lataa ja toimittaa kaiken podcast-sisällön, mukaan lukien jaksot, grafiikat ja podcast-kuvaukset. Jos uskot jonkun käyttävän tekijänoikeudella suojattua teostasi ilman lupaasi, voit seurata tässä https://fi.player.fm/legal kuvattua prosessia.

Feross and his team at Socket recently shipped a wrapper library for the ubiquitous npm package manager’s command-line interface that brings enhanced security when you need it most: before executing any code

Bradly Farias lead this effort, so Jerod & Chris invited him on the show to learn all about it.

Leave us a comment

Changelog++ members save 3 minutes on this episode because they made the ads disappear. Join today!

Sponsors:

  • FastlyOur bandwidth partner. Fastly powers fast, secure, and scalable digital experiences. Move beyond your content delivery network to their powerful edge cloud platform. Learn more at fastly.com
  • Fly.ioThe home of Changelog.com — Deploy your apps and databases close to your users. In minutes you can run your Ruby, Go, Node, Deno, Python, or Elixir app (and databases!) all over the world. No ops required. Learn more at fly.io/changelog and check out the speedrun in their docs.
  • Changelog News – A podcast+newsletter combo that’s brief, entertaining & always on-point. Subscribe today.
  • KBall Coaching – Free exploratory coaching sessions from JS Party co-host KBall! Click here to get started

Featuring:

Show Notes:

Something missing or broken? PRs welcome!

  continue reading

Luvut

1. It's party time, y'all (00:00:00)

2. Welcoming Bradley to the pod (00:01:03)

3. Intro to "safe npm" (00:02:20)

4. Socket in your CLI (00:05:08)

5. Devs care about different things (00:11:08)

6. Appetite for disruption (00:12:12)

7. What we want vs what we need (00:14:15)

8. Sponsor: Changelog News (00:19:43)

9. Building an npm wrapper (00:20:43)

10. Open source & security concerns (00:30:51)

11. Sponsor: KBall Coaching (00:35:02)

12. Using the npm wrapper (00:35:44)

13. Working with yarn (00:37:27)

14. npm uninstall installs stuff?! (00:40:14)

15. How Socket deals with this (00:43:32)

16. Is it vendoring npm or no? (00:45:04)

17. Windows (non) support (00:46:56)

18. What's next (00:50:21)

19. Wrapping up (00:53:50)

20. Next up on the pod (00:54:12)

21. ++BONUS FOR ALL (00:55:31)

334 jaksoa

すべてのエピソード

×
 
Loading …

Tervetuloa Player FM:n!

Player FM skannaa verkkoa löytääkseen korkealaatuisia podcasteja, joista voit nauttia juuri nyt. Se on paras podcast-sovellus ja toimii Androidilla, iPhonela, ja verkossa. Rekisteröidy sykronoidaksesi tilaukset laitteiden välillä.

 

Pikakäyttöopas