Explore the critical work GitHub is undertaking to secure the npm ecosystem in this 23-minute Linux Foundation conference talk. Delve into the importance of trust in open source and GitHub's role as stewards. Learn about measures implemented to prevent account takeovers, including improved two-factor authentication experiences, web authentication, and enhanced account recovery processes. Discover new features such as granular access tokens, code explorer, and Sigstore integration. Gain insights into the ongoing efforts to protect the open-source dependencies we all rely on, presented by Abigail Cabunoc Mayes from GitHub.
Securing the npm Ecosystem - Enhancing Trust in Open Source
Overview
Syllabus
Intro
Acknowledgements
Abigail introduction
Agenda
Why focus on security
Open Source is built on trust
GitHub is the stewards
Npm is a critical tool
Account Takeovers
What we learned
The plan
Login verification
Adoption update
Improved 2FA experience
Web authen
Better 2FA management
Better 2FA enforcement
Improved account recovery
New releases
granular access token
code explorer
Sigstore
Repository
Wrap up
Thank you
Taught by
Linux Foundation
