Making "safe npm"
Series deleted ("Inactive feed" status)
When? This feed was archived on December 02, 2025 01:34. Last successful fetch was on March 07, 2025 14:01.
Why? Inactive feed status. Our servers were unable to retrieve a working feed for this podcast for a sustained period.
What now? You might be able to find a more up-to-date version using the search function. This series will no longer be checked for updates. If you believe this to be in error, please check if the publisher's feed link below is valid and contact support to request the feed be restored or if you have any other concerns about this.
Feross and his team at Socket recently shipped a wrapper library for the ubiquitous npm package manager’s command-line interface that brings enhanced security when you need it most: before executing any code.
Bradley Farias led this effort, so Jerod & Chris invited him on the show to learn all about it.
Changelog++ members save 3 minutes on this episode because they made the ads disappear. Join today!
Sponsors:
- Fastly – Our bandwidth partner. Fastly powers fast, secure, and scalable digital experiences. Move beyond your content delivery network to their powerful edge cloud platform. Learn more at fastly.com
- Fly.io – The home of Changelog.com — Deploy your apps and databases close to your users. In minutes you can run your Ruby, Go, Node, Deno, Python, or Elixir app (and databases!) all over the world. No ops required. Learn more at fly.io/changelog and check out the speedrun in their docs.
- Changelog News – A podcast+newsletter combo that’s brief, entertaining & always on-point. Subscribe today.
- KBall Coaching – Free exploratory coaching sessions from JS Party co-host KBall! Click here to get started
Featuring:
- Bradley Meck Farias – GitHub, LinkedIn, Mastodon, X
- Jerod Santo – GitHub, LinkedIn, Mastodon, X
- Feross Aboukhadijeh – Website, GitHub, X
- Christopher Hiller – Website, GitHub, Mastodon, X
Chapters
1. It's party time, y'all (00:00:00)
2. Welcoming Bradley to the pod (00:01:03)
3. Intro to "safe npm" (00:02:20)
4. Socket in your CLI (00:05:08)
5. Devs care about different things (00:11:08)
6. Appetite for disruption (00:12:12)
7. What we want vs what we need (00:14:15)
8. Sponsor: Changelog News (00:19:43)
9. Building an npm wrapper (00:20:43)
10. Open source & security concerns (00:30:51)
11. Sponsor: KBall Coaching (00:35:02)
12. Using the npm wrapper (00:35:44)
13. Working with yarn (00:37:27)
14. npm uninstall installs stuff?! (00:40:14)
15. How Socket deals with this (00:43:32)
16. Is it vendoring npm or no? (00:45:04)
17. Windows (non) support (00:46:56)
18. What's next (00:50:21)
19. Wrapping up (00:53:50)
20. Next up on the pod (00:54:12)
21. ++BONUS FOR ALL (00:55:31)
361 episodes