Presentation: Making Npm Install Safe

Track: Pushing the Web Forward: JavaScript, Frameworks, Transpilers, and WebAssembly

Location: Pacific LMNO

Duration: 1:40pm - 2:30pm

Day of week:

More talks on:

This presentation is now available to view on InfoQ.com

Watch video

Abstract

There’s a JavaScript package for everything. But installing a random package is a security nightmare: the installed package can access your data and send it over the network without anyone ever knowing.

But there’s hope! This talk will discuss how to minimize the risks of running third-party JavaScript. We’ll go over POLA, the Principle of Least Authority, and how object capabilities can help us grant specific, limited resources to third-party code. We’ll also cover the current efforts to enforce security boundaries in JavaScript: SES (Secure ECMAScript) and Realms.

Speaker: Kate Sills

Software Engineer @agoric

Kate Sills is a software engineer at Agoric, building composable smart contract components in a secure subset of JavaScript. Previously, Kate has researched and written on the potential uses of smart contracts to enforce agreements and create institutions orthogonal to legal jurisdictions. Kate earned her degree in CS from UC Berkeley, and is building a tiny house in her spare time.

Find Kate Sills at

Speaker page

@kate_sills
https://www.linkedin.com/in/kate-sills-79170a14/

Similar Talks

Pick Your Region: Earth; Cloudflare Workers

Qcon

Core Rust Team @RustLang

Ashley Williams

License Compliance for Your Container Supply Chain

Qcon

Open Source Engineer @VMware

Nisha Kumar

Optimizing Yourself: Neurodiversity in Tech

Qcon

Consultant @Microsoft

Elizabeth Schneider

[CANCELLED] Balancing Priorities: Revenue Generation vs. Revenue Protection

Qcon

Director of Digital Transformation @Tasktop

Dominica DeGrandis

Mapping the Evolution of Socio-Technical Systems

Qcon

Agile Methods Coach & Advocate for Woman in Tech

Cat Swetel

Coding without Complexity

Qcon

CEO/Cofounder @darklang

Ellen Chisa

CI/CD for Machine Learning

Qcon

Program Manager on the Azure DevOps Engineering Team @Microsoft

Sasha Rosenbaum

Observability in the Development Process: Not Just for Ops Anymore

Qcon

Cofounder @honeycombio

Christine Yen

5 Simple Tools to Unlock Innovation

Qcon

Director of Engineering @GravityPymts

Sarah Shewell