Sign up to save your podcasts
Or
Share The insider perspective on the event-stream compromise
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
The insider perspective on the event-stream compromise
Adam and Jerod talk with Dominic Tarr, creator of event-stream, the IO library that made recent news as the latest malicious package in the npm registry. event-stream was turned malware, designed to target a very specific development environment and harvest account details and private keys from Bitcoin accounts.
They talk through Dominic’s backstory as a prolific contributor to open source, his stance on this package, his work in open source, the sequence of events around the hack, how we can and should handle maintainer-ship of open source infrastructure over the full life-cycle of the code’s usefulness, and what some best practices are for moving forward from this kind of attack.
Join the discussion
Changelog++ members support our work, get closer to the metal, and make the ads disappear. Join today!
Sponsors:
- Rollbar – We catch our errors before our users do because of Rollbar. Resolve errors in minutes, and deploy your code with confidence. Learn more at rollbar.com/changelog.
Featuring:
- Dominic Tarr – Website, GitHub, X
- Adam Stacoviak – Website, GitHub, LinkedIn, Mastodon, X
- Jerod Santo – GitHub, LinkedIn, Mastodon, X
Show Notes:
Something missing or broken? PRs welcome!
View all episodes
By Changelog Media
5
55 ratings
Adam and Jerod talk with Dominic Tarr, creator of event-stream, the IO library that made recent news as the latest malicious package in the npm registry. event-stream was turned malware, designed to target a very specific development environment and harvest account details and private keys from Bitcoin accounts.
They talk through Dominic’s backstory as a prolific contributor to open source, his stance on this package, his work in open source, the sequence of events around the hack, how we can and should handle maintainer-ship of open source infrastructure over the full life-cycle of the code’s usefulness, and what some best practices are for moving forward from this kind of attack.
Join the discussion
Changelog++ members support our work, get closer to the metal, and make the ads disappear. Join today!
Sponsors:
- Rollbar – We catch our errors before our users do because of Rollbar. Resolve errors in minutes, and deploy your code with confidence. Learn more at rollbar.com/changelog.
Featuring:
- Dominic Tarr – Website, GitHub, X
- Adam Stacoviak – Website, GitHub, LinkedIn, Mastodon, X
- Jerod Santo – GitHub, LinkedIn, Mastodon, X
Show Notes:
Something missing or broken? PRs welcome!
More shows like Changelog Interviews
View all
Planet Money
30,839 Listeners
The Changelog: Software Development, Open Source
284 Listeners
Conversations with Tyler
2,395 Listeners
Twenty Thousand Hertz
3,924 Listeners
Python Bytes
215 Listeners
NVIDIA AI Podcast
331 Listeners
Syntax - Tasty Web Development Treats
987 Listeners
Darknet Diaries
7,879 Listeners
Sean Carroll's Mindscape: Science, Society, Philosophy, Culture, Arts, and Ideas
4,142 Listeners
Practical AI
192 Listeners
Dwarkesh Podcast
417 Listeners
Oxide and Friends
47 Listeners
The AI Daily Brief (Formerly The AI Breakdown): Artificial Intelligence News and Analysis
485 Listeners
Changelog News
13 Listeners
Changelog & Friends
2 Listeners