Description:

Open source modules, and especially npm, are undoubtedly awesome. However, they also represent an undeniable and massive risk. You're introducing someone else's code into your system, often with little or no scrutiny. Each component may have vulnerabilities (~14% of them do), be compromised, or even be outright malicious. Multiply that risk by hundreds of dependencies, and you have a recipe for disaster.

Guy Podjarny demonstrates how to mitigate this risk without losing productivity. Guy shares data about risk, shows how to find and fix known vulnerabilities in npm dependencies, discusses how to prioritize the ones worthy of manual inspection, and suggests what to monitor in production.

About Guy Podjarny

Guy Podjarny is a cofounder at Snyk.io, where he focuses on securing open source code. Previously, Guy was CTO at Akamai and founder of Blaze.io and worked on the first web app firewall and security code analyzer. Guy is the author of Responsive & Fast, High Performance Images, and the upcoming Securing Open Source Code and a frequent conference speaker.