Explore advanced techniques for enhancing JavaScript supply chain security in this 20-minute conference talk from DevSecCon. Discover how to run third-party code safely without negative consequences, limit package access to globals, control network and file system access, and prevent prototype pollution. Learn about Compartments, a TC39 proposal at stage 2, and how to implement it today to control dependencies. Gain insights on using LavaMoat to protect against undetected supply chain attacks at runtime. Presented by Zbyszek Tenerowicz, a Principal Engineer and meet.js Poland community organizer, this talk draws from his extensive experience in building and operating Node.js applications in production environments.
Overview
Syllabus
Hardening JavaScript for Supply Chain Security - Zbyszek Tenerowicz
Taught by
DevSecCon
Related Courses
-
DevOps with GitHub and Azure: Implementing Software Supply Chain Security with GitHub
-
Defending JavaScript Projects from Supply Chain Attacks - Running Code from the Internet Safely
-
JavaScript Security
-
GitHub Supply Chain Security Using GitGat
-
Supply Chain Security with Go
-
Supply Chain Security: From Infrastructure to Application, Code to Cloud
