Plugging In The Holes

Outdated JavaScript tooling, vulnerabilities and security



I have spoken or written about this topic before, but feel the need to re-address it.

Node Security/npm audit appeared for the first time in my Terminal window in March of last year (2018). I had read that it was a new feature in npm created by Node Security, and was excited about the prospect of knowing more about what was going on under the hood with my npm packages and how that all boded for Web/Software Development and Individual Machine(s) Security. Previously, many of us were under the false impression that everything in our code, and in our workflows using third-party plugins and packages, passed muster.

Correction to podcast (also added to transcript on interglobalmedianetwork.com website):

If you clone or download something from a repository and then run npm i (assuming there is a package.json present), and there is a message (correction: from npmjs and not Node Security) stating that it has detected vulnerabilities in your package(s), follow its instructions to run npm audit.

To view the transcript/post of this podcast, please visit Outdated JavaScript tooling, vulnerabilities and security on interglobalmedianetwork.com.


Plugging In The Holes
By Maria Campbell