You are viewing content from a past/completed QCon

Presentation: Making Npm Install Safe

Track: Pushing the Web Forward: JavaScript, Frameworks, Transpilers, and WebAssembly

Location: Pacific LMNO

Duration: 1:40pm - 2:30pm

Day of week: Tuesday

Abstract

There’s a JavaScript package for everything. But installing a random package is a security nightmare: the installed package can access your data and send it over the network without anyone ever knowing.

But there’s hope! This talk will discuss how to minimize the risks of running third-party JavaScript. We’ll go over POLA, the Principle of Least Authority, and how object capabilities can help us grant specific, limited resources to third-party code. We’ll also cover the current efforts to enforce security boundaries in JavaScript: SES (Secure ECMAScript) and Realms.

Speaker: Kate Sills

Software Engineer @agoric
