Making "safe npm"

JS Party: JavaScript, CSS, Web Development

JS Party: JavaScript, CSS, Web Development

Nội dung được cung cấp bởi Changelog Media. Tất cả nội dung podcast bao gồm các tập, đồ họa và mô tả podcast đều được tải lên và cung cấp trực tiếp bởi Changelog Media hoặc đối tác nền tảng podcast của họ. Nếu bạn tin rằng ai đó đang sử dụng tác phẩm có bản quyền của bạn mà không được phép, bạn có thể làm theo quy trình được nêu tại đây https://vi.player.fm/legal.

5M ago 1:02:06

MP3•Trang chủ episode

Feross and his team at Socket recently shipped a wrapper library for the ubiquitous npm package manager’s command-line interface that brings enhanced security when you need it most: before executing any code

Bradly Farias lead this effort, so Jerod & Chris invited him on the show to learn all about it.

Leave us a comment

Changelog++ members save 3 minutes on this episode because they made the ads disappear. Join today!

Sponsors:

Fastly – Our bandwidth partner. Fastly powers fast, secure, and scalable digital experiences. Move beyond your content delivery network to their powerful edge cloud platform. Learn more at fastly.com
Fly.io – The home of Changelog.com — Deploy your apps and databases close to your users. In minutes you can run your Ruby, Go, Node, Deno, Python, or Elixir app (and databases!) all over the world. No ops required. Learn more at fly.io/changelog and check out the speedrun in their docs.
Changelog News – A podcast+newsletter combo that’s brief, entertaining & always on-point. Subscribe today.
KBall Coaching – Free exploratory coaching sessions from JS Party co-host KBall! Click here to get started

Featuring:

Bradley Meck Farias – Mastodon, Twitter, GitHub, LinkedIn
Jerod Santo – Mastodon, Twitter, GitHub, LinkedIn
Feross Aboukhadijeh – Twitter, GitHub, Website
Christopher Hiller – Twitter, GitHub, Website

Show Notes:

Something missing or broken? PRs welcome!

Timestamps:

(00:00) - It's party time, y'all
(01:03) - Welcoming Bradley to the pod
(02:20) - Intro to "safe npm"
(05:08) - Socket in your CLI
(11:08) - Devs care about different things
(12:12) - Appetite for disruption
(14:15) - What we want vs what we need
(19:43) - Sponsor: Changelog News
(20:43) - Building an npm wrapper
(30:51) - Open source & security concerns
(35:02) - Sponsor: KBall Coaching
(35:44) - Using the npm wrapper
(37:27) - Working with yarn
(40:14) - npm uninstall installs stuff?!
(43:32) - How Socket deals with this
(45:04) - Is it vendoring npm or no?
(46:56) - Windows (non) support
(50:21) - What's next
(53:50) - Wrapping up
(54:12) - Next up on the pod
(55:31) - ++BONUS FOR ALL

303 tập

#JavaScript #Prog Languages #Tech News #Jsparty #Web #Programming #Frontend #Backend #Node #Changelog #Changelog Media #Tech #Animation #HTML #CSS #IoT #Robots

JS Party: JavaScript, CSS, Web Development

Making "safe npm"

JS Party: JavaScript, CSS, Web Development

977 subscribers

published 5M ago

Chia sẻ

MP3•Trang chủ episode

Bradly Farias lead this effort, so Jerod & Chris invited him on the show to learn all about it.

Leave us a comment

Changelog++ members save 3 minutes on this episode because they made the ads disappear. Join today!

Sponsors:

Fastly – Our bandwidth partner. Fastly powers fast, secure, and scalable digital experiences. Move beyond your content delivery network to their powerful edge cloud platform. Learn more at fastly.com
Fly.io – The home of Changelog.com — Deploy your apps and databases close to your users. In minutes you can run your Ruby, Go, Node, Deno, Python, or Elixir app (and databases!) all over the world. No ops required. Learn more at fly.io/changelog and check out the speedrun in their docs.
Changelog News – A podcast+newsletter combo that’s brief, entertaining & always on-point. Subscribe today.
KBall Coaching – Free exploratory coaching sessions from JS Party co-host KBall! Click here to get started

Featuring:

Bradley Meck Farias – Mastodon, Twitter, GitHub, LinkedIn
Jerod Santo – Mastodon, Twitter, GitHub, LinkedIn
Feross Aboukhadijeh – Twitter, GitHub, Website
Christopher Hiller – Twitter, GitHub, Website

Show Notes:

Something missing or broken? PRs welcome!

Timestamps:

303 tập

#JavaScript #Prog Languages #Tech News #Jsparty #Web #Programming #Frontend #Backend #Node #Changelog #Changelog Media #Tech #Animation #HTML #CSS #IoT #Robots

Tất cả các tập

Chào mừng bạn đến với Player FM!

Player FM đang quét trang web để tìm các podcast chất lượng cao cho bạn thưởng thức ngay bây giờ. Đây là ứng dụng podcast tốt nhất và hoạt động trên Android, iPhone và web. Đăng ký để đồng bộ các theo dõi trên tất cả thiết bị.