ShopTalk 682: Whiskey, Security, Antitrust, and Fun with CSS Functions
16 snips
Sep 15, 2025 Dive into a world of whiskey-inspired discussions before tackling alarming security vulnerabilities in NPM. Explore the challenges of password management for younger users and the future of digital security. The conversation shifts to Google's antitrust issues, examining the implications for the tech landscape and consumer experiences. Finally, the hosts explore exciting advancements in CSS, highlighting custom functions, dynamic styles, and the importance of modern features in web development.
AI Snips
Chapters
Transcript
Episode notes
Whiskey Guest Got Spicy Takes
- Dave received a bottle of whiskey after appearing on the Web Whiskey Whatnot podcast and joked he might have said spicy takes for clips.
- He warned the interview might hurt his career but accepted it as part of doing it for content.
Fewer Dependencies Reduce Supply-Chain Risk
- Dave and Chris note large dependency reductions in projects (Storybook) improve resilience against supply-chain attacks.
- Fewer dependencies reduce attack surface and lessen fallout from NPM compromises.
Single Phish Broke Many Packages
- Dave described an NPM maintainer getting phished, which led to malicious code attempting to steal Bitcoin wallets in widely used packages.
- He emphasized how one compromised account cascaded through many downstream libraries.