Full keynote available here: https://www.youtube.com/watch?v=eDZHrNbyK3c
1:21 Account Takeovers (ATO)
2:50 What did we do right?
4:56 What did we learn?
6:20 The npm security roadmap
16:32 Campaign using stolen OAuth tokens
18:08 Validation with registry package signing
19:12 What’s next?
Main OpenJS Resources:
Main Site: https://openjsf.org/