Summit '22

Trust me, I'm an open-source developer

About this presentation

Most developers rely on open-source software daily to build applications. In the JavaScript ecosystem, we use thousands of NPM packages installed as dependencies on our computers. This trust-based exchange of knowledge has helped the industry grow rapidly, but how much can it really be trusted? Between 2020 and 2021, the number of software supply chain attacks grew by 300%. This includes attacks run via open-source packages. What types of attacks can happen? What can they do? How can we protect ourselves? In this talk, I will address all these questions and more to raise awareness of the issue, help you identify vulnerabilities, and provide some potential solutions.