Overview
This course aims to educate developers on the susceptibility to malicious NPM packages and the potential risks they pose. By exploring various demos, participants will learn how malicious packages can modify code, affect package.json publish scripts, and more. The course equips learners with the knowledge to enhance their developer security skills and provides recommendations and open-source tools to prevent such attacks. The teaching method includes live demos and discussions, making it suitable for developers looking to strengthen their security practices in the software development process.
Syllabus
- Stream Start
- Introductions
- Audit-resolver Project
- How do Developers Install Malicious Packages?
- Demo: Malicious Package via postinstall script
- Demo: Malicious Package with TypeScript
- Demo: Malicious Package via Pipeline and prepublish script
- Recommendations to Stop These Attacks
- Some Open Source Tools to Help
- Conclusion
- Outro
- Stream End
Taught by
Snyk