Guy Podjarny

Stranger Danger: Securing npm Dependencies

Date: This event took place live on January 10 2017

Presented by: Guy Podjarny

Duration: Approximately 60 minutes.

Cost: Free

Questions? Please send email to


Open source modules, and especially npm, are undoubtedly awesome. However, they also represent an undeniable and massive risk. You're introducing someone else's code into your system, often with little or no scrutiny. Each component may have vulnerabilities (~14% of them do), be compromised, or even be outright malicious. Multiply that risk by hundreds of dependencies, and you have a recipe for disaster.

Guy Podjarny demonstrates how to mitigate this risk without losing productivity. Guy shares data about risk, shows how to find and fix known vulnerabilities in npm dependencies, discusses how to prioritize the ones worthy of manual inspection, and suggests what to monitor in production.

About Guy Podjarny

Guy Podjarny is a cofounder at, where he focuses on securing open source code. Previously, Guy was CTO at Akamai and founder of and worked on the first web app firewall and security code analyzer. Guy is the author of Responsive & Fast, High Performance Images, and the upcoming Securing Open Source Code and a frequent conference speaker.