In an ecosystem with an increasing number of dependencies, maintainers and supply chain attacks, discover an open source tool designed to analyze in depth the dependencies of a given remote package or local manifest. Not knowing what’s in the node_modules directory is a bad dream from the past. Dive in with me to find out the secrets that your dependencies hide from you.

Guest:
Thomas Gentilhomme - https://twitter.com/fraxken

Chapters:
00:00:00 - Stream Start
00:04:50 - Introductions
00:06:16 - Meeting our Guest Thomas Gentilhomme
00:07:27 - Thomas' Background and Experience
00:10:40 - How Thomas got into Node.js
00:16:22 - The Types of Applications Thomas has Focused on
00:20:52 - How Thomas Developed a Focus on Security
00:23:27 - What is NodeSecure
00:34:45 - How do we Untangle the Secrets of JavaScript Dependencies - NodeSecure CLI
00:38:30 - Is it Bad to Have A LOT of Dependencies
00:45:25 - Exploring the Visualization of Dependencies with NodeSecure CLI
00:50:54 - Diving into Package Details
00:56:50 - What are the Use Cases of Visualizing Dependencies
01:06:07 - More Features of the NodeSecure CLI
01:11:15 - Running the NodeSecure CLI in a Project
01:16:07 - NodeSecure Vulnera Tool
01:18:44 - Testing One of Brian's Example NPM Packages
01:22:33 - Closing
01:25:06 - Stream End

Further Resources:
NodeSecure CLI: https://github.com/nodesecure/cli
NodeSecure Vulnera: https://github.com/NodeSecure/vulnera
Snyk Advisor: https://snyk.io/advisor

Make sure to subscribe so you don’t miss new content!

Snyk helps software-driven businesses develop fast and stay secure. Continuously find and fix vulnerabilities for npm, Maven, NuGet, RubyGems, PyPI and more.

Learn more about Snyk http://bit.ly/snyk-io

📱Social Media📱
___________________________________________
Twitter: https://twitter.com/snyksec
Facebook: https://www.facebook.com/snyksec
LinkedIn: https://www.linkedin.com/company/snyk
Website: https://snyk.io/