Changelog & Friends

npm under siege (what to do about it)

Listen Later

Over the past two months, we’ve seen some of the most serious supply chain attacks in npm history: phishing campaigns, maintainer account takeovers, and malware published to packages with billions of weekly downloads. What is going on?! What can we do about it? Our old friend, Feross Aboukhadijeh, joins us to help make sense of it all.

Join the discussion

Changelog++ members save 2 minutes on this episode because they made the ads disappear. Join today!

Sponsors:

  • Depot10x faster builds? Yes please. Build faster. Waste less time. Accelerate Docker image builds, and GitHub Actions workflows. Easily integrate with your existing CI provider and dev workflows to save hours of build time.

Featuring:

  • Feross Aboukhadijeh – Website, GitHub, X
  • Jerod Santo – GitHub, LinkedIn, Mastodon, X
  • Adam Stacoviak – Website, GitHub, LinkedIn, Mastodon, X

Show Notes:

  • Active supply chain attack: npm phishing campaign
  • Npm phishing email targets developers with typosquat
  • Nx npm packages compromised in supply chain attack
  • Introducing socket firewall
  • Changelog News Classifieds

    • Something missing or broken? PRs welcome!

    ...more
    View all episodesView all episodes
    Download on the App Store
    Changelog & FriendsBy Changelog Media
    • 5
    • 5
    • 5
    • 5
    • 5

    5

    2 ratings

    More shows like Changelog & Friends

    View all
    The Changelog: Software Development, Open Source by Changelog Media

    The Changelog: Software Development, Open Source

    291 Listeners

    Making Sense with Sam Harris by Sam Harris

    Making Sense with Sam Harris

    26,387 Listeners

    The WAN Show by Linus Tech Tips

    The WAN Show

    1,174 Listeners

    Syntax - Tasty Web Development Treats by Wes Bos & Scott Tolinski - Full Stack JavaScript Web Developers

    Syntax - Tasty Web Development Treats

    986 Listeners

    Darknet Diaries by Jack Rhysider

    Darknet Diaries

    8,010 Listeners

    CoRecursive: Coding Stories by Adam Gordon Bell - Software Developer

    CoRecursive: Coding Stories

    188 Listeners

    Practical AI by Practical AI LLC

    Practical AI

    212 Listeners

    All-In with Chamath, Jason, Sacks & Friedberg by All-In Podcast, LLC

    All-In with Chamath, Jason, Sacks & Friedberg

    9,833 Listeners

    Deep Questions with Cal Newport by Cal Newport

    Deep Questions with Cal Newport

    1,306 Listeners

    Dwarkesh Podcast by Dwarkesh Patel

    Dwarkesh Podcast

    489 Listeners

    The Ezra Klein Show by New York Times Opinion

    The Ezra Klein Show

    16,072 Listeners

    Honestly with Bari Weiss by The Free Press

    Honestly with Bari Weiss

    8,806 Listeners

    Oxide and Friends by Oxide Computer Company

    Oxide and Friends

    59 Listeners

    Changelog News by Changelog Media

    Changelog News

    13 Listeners

    The Pragmatic Engineer by Gergely Orosz

    The Pragmatic Engineer

    64 Listeners