Defending JavaScript Projects from Supply Chain Attacks - Running Code from the Internet Safely

Explore the proactive defense strategies for JavaScript projects against supply chain attacks in this 27-minute DevSecCon talk. Discover how to limit access to globals for each package, control network and file system access, and prevent prototype pollution. Learn about future JavaScript features being discussed in TC39 and their potential for enhancing project security. Witness live demonstrations of executing actual malware to understand the importance of these protective measures in an era where running code from strangers is commonplace.