
Supply Chain Security - Part 2 - JSJ 525
JavaScript Jabber
00:00
Is This Going to Expand Beyond JavaScript and npm?
Socket runs on every open source package. It's trying to catch the stuff that is just like these anomalous events that hopefully don't happen too often, like a package got hijacked by a bad guy and now it's doing something crazy. The action is basically, do not update to this bad version if it's an update. If it's a new package you're adding, don't add this until you've answered the question "Why is this package doing this weird behavior?" You should be able to answer why it's doing that before you go ahead and proceed to include that dependency. And so I think we want to get to this sometime this year, probably