Class Central is learner-supported. When you buy through links on our site, we may earn an affiliate commission.

YouTube

How Malicious NPM Packages Make Your Apps Vulnerable - SnykLIVE Recording

Snyk via YouTube

Overview

Explore the world of malicious NPM packages and their impact on application security in this recorded livestream. Learn how developers can inadvertently install harmful packages and witness demonstrations of various attack vectors, including postinstall scripts, TypeScript exploits, and pipeline vulnerabilities. Discover practical recommendations and open-source tools to protect against these threats, enhancing your developer security skills. Gain insights from expert Zbyszek Tenerowicz as he covers topics such as the audit-resolver project, malicious package installation methods, and effective countermeasures. Dive into this comprehensive session to strengthen your understanding of NPM package security and safeguard your applications from potential vulnerabilities.

Syllabus

- Stream Start
- Introductions
- Audit-resolver Project
- How do Developers Install Malicious Packages?
- Demo: Malicious Package via postinstall script
- Demo: Malicious Package with TypeScript
- Demo: Malicious Package via Pipeline and prepublish script
- Recommendations to Stop These Attacks
- Some Open Source Tools to Help
- Conclusion
- Outro
- Stream End

Taught by

Snyk

Reviews

Start your review of How Malicious NPM Packages Make Your Apps Vulnerable - SnykLIVE Recording

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.