AI-powered
podcast player
Listen to all your favourite podcasts with AI-powered features
Ua Parser J S, and the Colors.
In october and november, it was coa, r c and u a parser j s that were compromised. They had a bitquin or, not aquin monero minor, added to the package. Some mallor stole passwords from over a hundred different programms on windows. Each of those three i mentioned, had 30 million down loads a month each.
This week we’re joined by the “mad scientist” himself, Feross Aboukhadijeh…and we’re talking about the launch of Socket — the next big thing in the fight to secure and protect the open source supply chain.
While working on the frontlines of open source, Feross and team have witnessed firsthand how supply chain attacks have swept across the software community and have damaged the trust in open source. Socket turns the problem of securing open source software on its head, and asks…“What if we assume all open source may be malicious?” So, they built a system that proactively detects indicators of compromised open source packages and brings awareness to teams in real-time. We cover the whys, the hows, and what’s next for this ambitious and very much needed project.
Changelog++ members get a bonus 10 minutes at the end of this episode and zero ads. Join today!
Sponsors:
CHANGELOG
and get the team plan free for three months.
Featuring:
Show Notes:
Something missing or broken? PRs welcome!
Listen to all your favourite podcasts with AI-powered features
Listen to the best highlights from the podcasts you love and dive into the full episode
Hear something you like? Tap your headphones to save it with AI-generated key takeaways
Send highlights to Twitter, WhatsApp or export them to Notion, Readwise & more
Listen to all your favourite podcasts with AI-powered features
Listen to the best highlights from the podcasts you love and dive into the full episode