3min chapter

JavaScript Supply Chain with Feross Aboukhadijeh

JavaScript Archives - Software Engineering Daily

CHAPTER

Is There a Reproducible Build?

With a reproducible build, anyone can go and take the source code, build it and get the exact same bit-for-bit output as the maintainer would have gotten. And so they can confirm that nothing sneaky was added to the result. Typosquatting is when someone registers a package with a name that's very similar to a popular package. You make a one-letter mistake and suddenly you're executing code from some random package that no one has ever even looked at before. That's really bad. I don't know why the existing tooling doesn't do it. It's, like, the number one supply chain attack vector right now that we're seeing. We just keep thinking of
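The "one-letter mistake" described above is exactly what a package manager could flag before installing anything. The following is an added example, not code from the episode or from any tool the speaker mentions: it compares a requested package name against a list of popular names using an edit distance that counts a swapped pair of adjacent letters as a single edit, and reports which popular package the requested name resembles. The list of popular names is a constructed sample; a real check would load it from registry download statistics.

```javascript
// Optimal string alignment distance: Levenshtein (insert, delete, substitute)
// plus adjacent transposition, so "lodahs" is one edit away from "lodash"
// rather than two. Typos people actually make are dominated by these four ops.
function editDistance(a, b) {
  const rows = a.length + 1;
  const cols = b.length + 1;
  const d = Array.from({ length: rows }, () => new Array(cols).fill(0));
  for (let i = 0; i < rows; i++) d[i][0] = i;
  for (let j = 0; j < cols; j++) d[0][j] = j;
  for (let i = 1; i < rows; i++) {
    for (let j = 1; j < cols; j++) {
      const cost = a[i - 1] === b[j - 1] ? 0 : 1;
      d[i][j] = Math.min(
        d[i - 1][j] + 1,        // delete a[i-1]
        d[i][j - 1] + 1,        // insert b[j-1]
        d[i - 1][j - 1] + cost  // substitute (or match)
      );
      // Transposition of two adjacent characters counts as one edit.
      if (i > 1 && j > 1 && a[i - 1] === b[j - 2] && a[i - 2] === b[j - 1]) {
        d[i][j] = Math.min(d[i][j], d[i - 2][j - 2] + 1);
      }
    }
  }
  return d[a.length][b.length];
}

// Constructed sample of "popular" package names. In practice this list would
// come from registry download counts, not be hard-coded.
const POPULAR_PACKAGES = ['lodash', 'express', 'react', 'chalk', 'commander'];

// Return the popular names the requested name is suspiciously close to.
// An exact match is the real package and is never reported; names that are
// farther than maxDistance edits away are treated as unrelated.
function findTyposquatMatches(requested, popular = POPULAR_PACKAGES, maxDistance = 1) {
  const name = requested.toLowerCase();
  return popular.filter((p) => {
    if (p === name) return false;
    // Cheap length pre-filter: distance is at least the length difference.
    if (Math.abs(p.length - name.length) > maxDistance) return false;
    return editDistance(name, p) <= maxDistance;
  });
}

// Decision wrapper a pre-install hook could call: block the install when the
// requested name is a near miss of a popular package.
function checkInstallRequest(requested, popular = POPULAR_PACKAGES) {
  const lookalikeOf = findTyposquatMatches(requested, popular);
  return {
    name: requested,
    suspicious: lookalikeOf.length > 0,
    lookalikeOf,
    message: lookalikeOf.length > 0
      ? `"${requested}" is one edit away from ${lookalikeOf.map((p) => `"${p}"`).join(', ')}; did you mean that?`
      : `"${requested}" does not resemble a known popular package`,
  };
}

// Example usage with constructed inputs.
for (const candidate of ['lodahs', 'expres', 'chlak', 'react', 'left-pad']) {
  console.log(checkInstallRequest(candidate).message);
}

module.exports = { editDistance, findTyposquatMatches, checkInstallRequest };
```

The distance threshold of one edit catches the single-keystroke mistakes the speaker describes while leaving legitimately distinct names (such as `react-dom` next to `react`) alone; raising it trades more false positives for coverage of two-character slips.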
