JavaScript Supply Chain with Feross Aboukhadijeh
JavaScript Archives - Software Engineering Daily
00:00
JavaScript Security - What Makes That Hard?
One of the worst things about NPM right now is that when you go to the NPM website and look up a package, you can't actually see the code that you're about to install at all. You basically resort to clicking the GitHub link and then going to GitHub and looking at the code there to get an idea. And so one of the things we'd like to be able to do is to sort of say, well, whenever we see that the code on GitHub doesn't match the code that's on NPM, that's a pretty big red flag, right?
Transcript
Play full episode
