JS Party
Making moves on supply chain security
Feross has been working on something big. He joins Chris and Nick, along with guests Bret Comnes and Mik Lysenko to discuss Socket, what it is, and its focus on the security of the JavaScript supply chain.
Changelog++ members save 5 minutes on this episode because they made the ads disappear. Join today!
Sponsors
- Raygun – Never miss another mission-critical issue again — Raygun Alerting is now available for Crash Reporting and Real User Monitoring, to make sure you are quickly notified of the errors, crashes, and front-end performance issues that matter most to you and your business. Set thresholds for your alert based on an increase in error count, a spike in load time, or new issues introduced in the latest deployment. Start your free 14-day trial at Raygun.com
- Square – Develop on the platform that sellers trust. There is a massive opportunity for developers to support Square sellers by building apps for today’s business needs. Learn more at changelog.com/square to dive into the docs, APIs, SDKs and to create your Square Developer account — tell them Changelog sent you.
- Sourcegraph – Move fast, even in big codebases. Sourcegraph is universal code search for every developer and team. Easily search across all the code that matters to you and your organization: find example code, explore and read code, debug issues, and more. Head to info.sourcegraph.com/changelog and click the button “Try Sourcegraph now” to get started.
- SignalWire – Build what’s next in communications with video, voice, and messaging APIs powered by elastic cloud infrastructure. Try it today at signalwire.com/video and mention “Go Time” to receive an extra 5,000 video minutes.
Featuring
- Bret Comnes – Twitter, GitHub, Website
- Mikola Lysenko – Twitter, GitHub
- Nick Nisi – Twitter, GitHub, Website
- Christopher Hiller – Twitter, GitHub, Website
- Feross Aboukhadijeh – Twitter, GitHub, Website
Notes and Links
- 0 FPS
- Changelog #482 - Securing the open source supply chain
- Socket
- React on Socket
- npm audit
- Lighthouse
- peacenotwar supply chain attack
- If you’re writing your first npm package: I highly recommend keeping it
Something missing or broken? PRs welcome!