Several incidents, such as `left-pad`, `eslint-scope` and `event-stream`, have shown how easily a couple of `npm install` commands can result in a broken or compromised build. For better or for worse, the JS ecosystem makes it very easy to pull in dependencies and to publish your own packages to the de-facto standard npm registry. This makes pulling in vulnerable or unstable code extremely easy as well. In this quickie, we will blaze through these incidents and how they could happen. Having learned from them, we will present avenues to a safer and saner web development ecosystem.
Pim is a software developer and consultant at Quintor. Currently, he is working on discipl, delivering an open source stack to help governments streamline their services to citizens, leveraging cryptography, self-sovereign identity and ledger technologies. In addition, he is working on StudyBits, which aims to provide an international blockchain solution for storing diplomas, using the Sovrin ledger. Before that, he completed his MSc in Applied Mathematics at Delft University of Technology. He co-authored "TrustChain: A Sybil-resistant Scalable Blockchain", which was published in Future Generation Computer Systems.