JavaScript Archives - Software Engineering Daily

JavaScript Supply Chain with Feross Aboukhadijeh

How Do You Analyze the Software Supply Chain Dependency Infrastructure?

We need to analyze the contents of every package to figure out its behavior because that's how Socket works. We look for, like I said, about a series of 70 issues. And right now we just do static analysis, which means that we don't actually execute the code. But beyond that, we actually want to know what the code is doing, and so in order to do that, we have to look at the code in every package.
