Dive into a comprehensive recorded live stream that unravels the complexities of JavaScript dependencies. Learn about NodeSecure, an open-source tool designed to analyze dependencies of remote packages or local manifests in-depth. Explore the increasing challenges in the ecosystem, including the growing number of dependencies, maintainers, and supply chain attacks. Join guest Thomas Gentilhomme as he shares his expertise on Node.js, security, and the development of NodeSecure. Discover how to use the NodeSecure CLI to visualize dependencies, explore package details, and identify potential vulnerabilities. Gain insights into the importance of understanding what's in your node_modules directory and how to effectively manage and secure your JavaScript projects. The stream covers topics such as the pros and cons of having numerous dependencies, practical use cases for dependency visualization, and demonstrations of NodeSecure CLI and Vulnera tool in action.
Overview
Syllabus
- Stream Start
- Introductions
- Meeting our Guest Thomas Gentilhomme
- Thomas' Background and Experience
- How Thomas got into Node.js
- The Types of Applications Thomas has Focused on
- How Thomas Developed a Focus on Security
- What is NodeSecure
- How do we Untangle the Secrets of JavaScript Dependencies - NodeSecure CLI
- Is it Bad to Have A LOT of Dependencies
- Exploring the Visualization of Dependencies with NodeSecure CLI
- Diving into Package Details
- What are the Use Cases of Visualizing Dependencies
- More Features of the NodeSecure CLI
- Running the NodeSecure CLI in a Project
- NodeSecure Vulnera Tool
- Testing One of Brian's Example NPM Packages
- Closing
- Stream End
Taught by
Snyk
