JS Party: JavaScript, CSS, Web Development
Feross and his team at Socket recently shipped a wrapper library for the ubiquitous npm package manager’s command-line interface that brings enhanced security when you need it most: before executing any code.
Bradley Farias led this effort, so Jerod & Chris invited him on the show to learn all about it.
Timestamps:
(00:00) - It's party time, y'all
(01:03) - Welcoming Bradley to the pod
(02:20) - Intro to "safe npm"
(05:08) - Socket in your CLI
(11:08) - Devs care about different things
(12:12) - Appetite for disruption
(14:15) - What we want vs what we need
(19:43) - Sponsor: Changelog News
(20:43) - Building an npm wrapper
(30:51) - Open source & security concerns
(35:02) - Sponsor: KBall Coaching
(35:44) - Using the npm wrapper
(37:27) - Working with yarn
(40:14) - npm uninstall installs stuff?!
(43:32) - How Socket deals with this
(45:04) - Is it vendoring npm or no?
(46:56) - Windows (non) support
(50:21) - What's next
(53:50) - Wrapping up
(54:12) - Next up on the pod
(55:31) - ++BONUS FOR ALL