Reflecting on a Recent Supply Chain Attack on a JavaScript Library

Adam & Jerod discuss the news! But first, we discuss how you can keep up with the software world (good question, Tyler Boyd!) On the docket: Developer job postings trend, the Ladybird Browser Initiative, the Polyfill.js supply chain attack & is the future self-hosted?

Join the discussion

Changelog++ members get a bonus 15 minutes at the end of this episode and zero ads. Join today!

Sponsors:

• Sentry – Code breaks, fix it faster. Don’t just observe. Take action. Sentry is the only app monitoring platform built for developers that gets to the root cause for every issue. 90,000+ growing teams use sentry to find problems fast. Use the code CHANGELOG when you sign up to get $100 OFF the team plan.
• 1Password – Build securely with 1Password - 1Password simplifies how you securely use, manage, and integrate developer credentials. Manage SSH keys and sign Git commits. Access secrets stored in 1Password. Automate administrative tasks. Integrate with third-party tools. Also, check out our INFRASTRUCTURE.md file for more details on how we do secrets with 1Password.
• Neon – Fleets of Postgres! Enterprises use Neon to operate hundreds of thousands of Postgres databases: Automated, instant provisioning of the world’s most popular database.

Featuring:

• Jerod Santo – GitHub, LinkedIn, Mastodon, X
• Adam Stacoviak – Website, GitHub, LinkedIn, Mastodon, X

Show Notes:

• Software Development Job Postings on Indeed in the United States
• Announcing the Ladybird Browser Initiative
• Chris Wanstrath’s announcement
• Polyfill supply chain attack hits 100K+ sites
• The future is self-hosted

BONUS++

• Doggo – CLI DNS client for humans
• Doggo on Socket

Something missing or broken? PRs welcome!