A deep dive into software supply chain attacks—where a single compromised package can infiltrate thousands of projects through invisible dependency chains. Explore how npm and PyPI became the internet's most dangerous potion shops, from the left-pad collapse to the event-stream backdoor, and the emerging 'slopsquatting' threat where AI hallucinations become actual security vulnerabilities.

00:00 - The Potion Shop Metaphor: How Package Registries Work

02:30 - Dependency Trees: Why You're Installing 1500 Packages Without Knowing It

06:00 - The Left-Pad Incident: When 11 Lines of Code Broke the Internet

09:30 - The Event-Stream Backdoor: A Trojan Horse in Plain Sight

13:00 - Slopsquatting: AI-Generated Package Names as Attack Vectors

17:00 - Defense Strategies: Can You Trust Your Dependencies?

This podcast episode was fully generated by AI — research, script, voices, and production. Built with Claude, Piper TTS, and automated pipeline tooling.