From OpenJS World 2022: The State of JavaScript Supply Chain Security in 2022 – Feross Aboukhadijeh, Founder & CEO, Socket

Continuing our OpenJS World Keynote Series, we’re highlighting a keynote on The State of JavaScript Supply Chain Security. To view all of the keynotes from the conference, please visit the OpenJS YouTube Channel.

Feross Aboukhadijeh, Founder & CEO of Socket, presented on the current state of software supply chain security in JavaScript at OpenJS World 2022 in June. Software supply chain attacks have exploded since 2021 and are accelerating in 2022. 

In the presentation, Feross provided examples of recent supply chain attacks and what concrete steps we can take as an ecosystem to protect ourselves from this emerging threat. Feross highlighted certain packages, their security issues, and things to look for to practice open source in the safest way. Feross continued his presentation by also sharing tools and systems that can assist in protecting against malware. Finally, the presentation closed with a “JavaScript Security Wishlist” and other goals for the community to aim for.

Full keynote available here: https://www.youtube.com/watch?v=PxLEjzi9rXQ 

Main Sections:

0:00 Introduction

1:25 Hacker story share 

6:00 Tip of the iceberg

7:17 Why is it happening now?

11:55 How does a supply chain attack actually work?

17:18 How can you protect your app?

21:14 How quickly should you update?

22:53 Standard dependency checklist 

25:10 What about a package doing something sketchy?

25:26 What about Malware?

30:50 Closing 

Main OpenJS Resources: 

Main Site: https://openjsf.org/ 

Blog: https://openjsf.org/blog/ 

Join: https://openjsf.org/about/join/ 

Certification: https://openjsf.org/certification/

Twitter: https://twitter.com/openjsf

LinkedIn: https://www.linkedin.com/company/openjs-foundation/