Overview
Explore advanced techniques for enhancing JavaScript supply chain security in this 20-minute conference talk from DevSecCon. Discover how to run third-party code safely without negative consequences, limit package access to globals, control network and file system access, and prevent prototype pollution. Learn about Compartments, a TC39 proposal at stage 2, and how to implement it today to control dependencies. Gain insights on using LavaMoat to protect against undetected supply chain attacks at runtime. Presented by Zbyszek Tenerowicz, a Principal Engineer and meet.js Poland community organizer, this talk draws from his extensive experience in building and operating Node.js applications in production environments.
Syllabus
Hardening JavaScript for Supply Chain Security - Zbyszek Tenerowicz
Taught by
DevSecCon