Guy Podjarny - Stranger Danger: Npm & Node Security

Open source modules, and especially npm, are undoubtedly awesome. However, they also represent an undeniable and massive risk. You’re introducing someone else’s code into your system, often with little or no scrutiny. Each component may have vulnerabilities (~14% of them do), be compromised, or even be outright malicious. Multiply that risk by hundreds of dependencies, and you have a recipe for disaster. Guy will demonstrate how you can mitigate this risk without losing productivity. He will also share data about the risk, show how to find and fix known vulnerabilities in these dependencies, discuss how to prioritize the ones worth manual inspection, and suggest what to monitor in production.

Guy Podjarny (@guypod) is a cofounder at Snyk.io, focusing on the security risk in your dependencies. Guy was previously CTO at Akamai and founder of Blaze.io, and worked on the first web application firewall and security static analysis tool. Guy is a frequent conference speaker, the author of “Responsive & Fast”, “High Performance Images” and the upcoming “Securing Third Party Code” (via O’Reilly), and the creator of Mobitest.