Untangle the Secrets of your JavaScript Dependencies

Aug 15, 2022

In an ecosystem with an ever-growing number of dependencies, maintainers and supply chain attacks, discover an open source tool designed to analyze in depth the dependencies of a given remote package or local manifest. Not knowing what is in the node_modules directory is a bad dream from the past. Dive in with me to find out the secrets that your dependencies hide from you.

Thomas Gentilhomme - https://twitter.com/fraxken

00:00:00 - Stream Start
00:04:50 - Introductions
00:06:16 - Meeting our Guest Thomas Gentilhomme
00:07:27 - Thomas' Background and Experience
00:10:40 - How Thomas got into Node.js
00:16:22 - The Types of Applications Thomas has Focused on
00:20:52 - How Thomas Developed a Focus on Security
00:23:27 - What is NodeSecure
00:34:45 - How do we Untangle the Secrets of JavaScript Dependencies - NodeSecure CLI
00:38:30 - Is it Bad to Have A LOT of Dependencies
00:45:25 - Exploring the Visualization of Dependencies with NodeSecure CLI
00:50:54 - Diving into Package Details
00:56:50 - What are the Use Cases of Visualizing Dependencies
01:06:07 - More Features of the NodeSecure CLI
01:11:15 - Running the NodeSecure CLI in a Project
01:16:07 - NodeSecure Vulnera Tool
01:18:44 - Testing One of Brian's Example NPM Packages
01:22:33 - Closing
01:25:06 - Stream End

Further Resources:
NodeSecure CLI: https://github.com/nodesecure/cli
NodeSecure Vulnera: https://github.com/NodeSecure/vulnera
Snyk Advisor: https://snyk.io/advisor

Snyk helps software-driven businesses develop fast and stay secure. Continuously find and fix vulnerabilities for npm, Maven, NuGet, RubyGems, PyPI and more.

Learn more about Snyk http://bit.ly/snyk-io
