Class Central is learner-supported. When you buy through links on our site, we may earn an affiliate commission.

Linux Foundation

Securing the npm Ecosystem - Enhancing Trust in Open Source

Linux Foundation via YouTube

Overview

Save Big on Coursera Plus. 7,000+ courses at $160 off. Limited Time Only!
Explore the critical work GitHub is undertaking to secure the npm ecosystem in this 23-minute Linux Foundation conference talk. Delve into the importance of trust in open source and GitHub's role as stewards. Learn about measures implemented to prevent account takeovers, including improved two-factor authentication experiences, web authentication, and enhanced account recovery processes. Discover new features such as granular access tokens, code explorer, and Sigstore integration. Gain insights into the ongoing efforts to protect the open-source dependencies we all rely on, presented by Abigail Cabunoc Mayes from GitHub.

Syllabus

Intro
Acknowledgements
Abigail introduction
Agenda
Why focus on security
Open Source is built on trust
GitHub is the stewards
Npm is a critical tool
Account Takeovers
What we learned
The plan
Login verification
Adoption update
Improved 2FA experience
Web authen
Better 2FA management
Better 2FA enforcement
Improved account recovery
New releases
granular access token
code explorer
Sigstore
Repository
Wrap up
Thank you

Taught by

Linux Foundation

Reviews

Start your review of Securing the npm Ecosystem - Enhancing Trust in Open Source

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.