AI-powered
podcast player
Listen to all your favourite podcasts with AI-powered features
5min chapter
Making "safe npm" (JS Party #272)
Changelog Master Feed
How to Warn Developers About Dangerous Packages Before They Install Them
We're trying to move the like knowledge forward before you install the dangerous thing, not telling you you already did something dangerous. And we're looking for stuff that doesn't even covered by CVEs because when you have a supply chain attack, it's usually it's some packages compromised and nobody knows it yet. So there's a bunch of things that you might initially think are great to warn developers about, but it makes a tool completely unusable every time you add that speed bump. We've had this feedback period and developers have shown us problems with us over alerting or under alerting. Everybody wants different things, which is interesting to see. You've got to find that default middle ground
00:00
Transcript
Episode notes
Get the Snipd
podcast app
Unlock the knowledge in podcasts with the podcast player of the future.
AI-powered
Discover
highlights
Listen to the best highlights from the podcasts you love and dive into the full episode
Save any
moment
Hear something you like? Tap your headphones to save it with AI-generated key takeaways
Share
& Export
Send highlights to Twitter, WhatsApp or export them to Notion, Readwise & more
AI-powered
podcast player
Listen to all your favourite podcasts with AI-powered features
Discover
highlights
Listen to the best highlights from the podcasts you love and dive into the full episode