
Unpacking the NPM supply chain attacks with Feross Aboukhadijeh

PodRocket - A web development podcast from LogRocket

Mitigations: install scripts, vetting, policies, upgrades

Practical defenses: why postinstall scripts are risky, disabling them or allowing them selectively, using lockfiles and pnpm delays, adopting vetting/scanning and whitelists, and balancing upgrade speed with security.
