The chapter highlights the risks of typo-squatting attacks and advises developers to be vigilant when installing dependencies, to safeguard data and prevent security breaches. It introduces Socket as a tool that automates the identification of malicious packages at various stages of development.
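A cheap local check a developer can run before installing anything, in the spirit of the vigilance the chapter calls for: flag dependency names that sit within a couple of edits of a well-known package but are not that package. This is an added example, not Socket's code and not something from the episode; the list of "popular" packages and the sample requirements file are constructed for illustration, and Levenshtein distance is only one of many signals a real tool would combine.

```python
"""Flag dependency names that are one or two edits away from a known popular
package: a local typo-squatting pre-check to run before `pip install`.

Added example; not Socket's code. The allowlist and the sample requirements
file below are constructed for illustration."""
import re

# Constructed allowlist: well-known package names a developer is likely to mean.
POPULAR_PACKAGES = {"requests", "numpy", "urllib3", "django", "flask", "cryptography"}


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance (insert / delete / substitute) between two names."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,             # delete ca
                           cur[j - 1] + 1,          # insert cb
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def normalize(name: str) -> str:
    """PEP 503-style normalization: case-insensitive; '-', '_' and '.' are equivalent."""
    return re.sub(r"[-_.]+", "-", name).lower()


def suspicious_names(dependencies, known=POPULAR_PACKAGES, max_distance=2):
    """Return {dependency: closest_known_name} for every dependency that is
    close to, but not exactly, a known package name."""
    findings = {}
    known_norm = {normalize(k): k for k in known}
    for dep in dependencies:
        d = normalize(dep)
        if d in known_norm:          # exact match: the package the developer meant
            continue
        best = min(known_norm, key=lambda k: edit_distance(d, k))
        if edit_distance(d, best) <= max_distance:
            findings[dep] = known_norm[best]
    return findings


def parse_requirements(text: str):
    """Extract bare package names from requirements.txt-style lines,
    ignoring comments, option lines and version/extras specifiers."""
    names = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line or line.startswith("-"):
            continue
        names.append(re.split(r"[<>=!~;\[ ]", line, 1)[0])
    return names


# Constructed sample requirements file: two entries are one or two edits off.
SAMPLE_REQUIREMENTS = """\
# constructed sample requirements file
requests==2.31.0
reqeusts
numpy>=1.26
urlib3
flask[async]
python-dateutil
"""

if __name__ == "__main__":
    deps = parse_requirements(SAMPLE_REQUIREMENTS)
    for dep, near in suspicious_names(deps).items():
        print(f"WARNING: {dep!r} is within 2 edits of {near!r}; verify before installing")
```

Run it against a real requirements file by replacing `SAMPLE_REQUIREMENTS` with the file's contents; a hit is a prompt to look the package up, not proof of malice, since legitimate packages with similar names exist.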
Daniel Stenberg shares his guiding principles for BDFL’ing curl, gives us his perspective on the state of the internet, talks financial independence, ensuring curl won’t be the next XZ & more!
Changelog++ members get a bonus 7 minutes at the end of this episode and zero ads. Join today!
Sponsors:
- Socket – Secure your supply chain and ship with confidence. Install the GitHub app, book a demo or learn more
- Neon – Fleets of Postgres! Enterprises use Neon to operate hundreds of thousands of Postgres databases: Automated, instant provisioning of the world’s most popular database.
- Sentry – Code breaks, fix it faster. Don’t just observe. Take action. Sentry is the only app monitoring platform built for developers that gets to the root cause for every issue. 90,000+ growing teams use Sentry to find problems fast. Use the code CHANGELOG when you sign up to get $100 OFF the team plan.
Featuring:
- Daniel Stenberg – Mastodon, Twitter, GitHub, Website
- Jerod Santo – Mastodon, Twitter, GitHub, LinkedIn
- Adam Stacoviak – Mastodon, Twitter, GitHub, LinkedIn, Website
Show Notes: