-
Notifications
You must be signed in to change notification settings - Fork 501
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
1 changed file
with
69 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,69 @@ | ||
| --- | ||
| number: 705 | ||
| title: Is Running Random Code From npm Safe? With Feross Aboukhadijeh | ||
| date: 1702641600697 | ||
| url: https://traffic.libsyn.com/syntax/Syntax_-_705.mp3 | ||
| guest: | ||
| name: Feross Aboukhadijeh | ||
| github: feross | ||
| twitter: feross | ||
| url: https://feross.org/ | ||
| --- | ||
|
|
||
| In this Supper Club episode of Syntax, Wes and Scott talk with Feross Aboukhadijeh about his work on Socket which helps to make sure the code you get from npm is safe and secure. They also touch on his work on Wormhole and Web Torrent. | ||
|
|
||
| ### Show Notes | ||
|
|
||
| * **[00:30](#t=00:30)** Welcome | ||
| * **[00:57](#t=00:57)** Who is Feross Aboukhadijeh? | ||
| * **[01:33](#t=01:33)** What is Socket? | ||
| * [Socket.dev](https://socket.dev | ||
| * [dominictarr (Dominic Tarr)](https://github.com/dominictarr) | ||
| * [pull-stream/pull-stream: minimal streams](https://github.com/pull-stream/pull-stream) | ||
| * **[03:59](#t=03:59)** Introducing AI package summaries | ||
| * [Example of the AI summaries](https://socket.dev/npm/package/lodash) | ||
| * [Introducing AI Package Summaries](https://socket.dev/blog/introducing-ai-package-summaries) | ||
| * **[07:04](#t=07:04)** Is Socket's focus on visibility of a open source project? | ||
| * **[10:01](#t=10:01)** What was the inspiration for Socket? | ||
| * [Introducing "safe npm", a Socket npm Wrapper - Socket](https://socket.dev/blog/introducing-safe-npm) | ||
| * **[16:22](#t=16:22)** How does Socket detect possible security issues? | ||
| * [Removed packages](https://socket.dev/npm/category/removed) | ||
| * [event-source-polyfill protestware attack](https://socket.dev/npm/package/event-source-polyfill/diff/1.0.26) | ||
| * [john wick spam attack](https://socket.dev/blog/npm-registry-spam-john-wick) | ||
| * **[18:55](#t=18:55)** How many projects are you injesting for Socket to scan? | ||
| * **[26:00](#t=26:00)** What kinds of things are people trying to inject in code? | ||
| * [CS253 Web Security](https://cs253.stanford.edu/) | ||
| * **[29:54](#t=29:54)** How do I hook Socket up to my project or GitHub? | ||
| * **[32:08](#t=32:08)** Do we still need to use shrink wrap? | ||
| * **[36:34](#t=36:34)** How did you implement the torrent spec in JavaScript for WebTorrent? | ||
| * [WebTorrent Desktop](https://webtorrent.io/desktop/) | ||
| * [WebTorrent FAQ](https://webtorrent.io/faq) | ||
| * **[43:11](#t=43:11)** Why did you build Wormhole? | ||
| * [Wormhole](https://wormhole.app/) | ||
| * **[47:33](#t=47:33)** How expensive is it to maintain Wormhole? | ||
| * [Riverside.fm - Record Podcasts And Videos From Anywhere](https://riverside.fm/) | ||
| * **[50:37](#t=50:37)** What do you think of decentralized code repos? | ||
| * [Radicle](https://radicle.xyz/) | ||
| * [Project Fugu](https://www.chromium.org/teams/web-capabilities-fugu/) | ||
| * [Fugu Tracker](https://fugu-tracker.web.app/) | ||
| * **[54:29](#t=54:29)** Understanding passkeys | ||
| * **[56:15](#t=56:15)** Supper Club questions | ||
| * [GitHub Theme - Visual Studio Marketplace](https://marketplace.visualstudio.com/items?itemName=GitHub.github-vscode-theme) | ||
| * [Web Serial API - Web APIs | MDN](https://developer.mozilla.org/en-US/docs/Web/API/Web_Serial_API) | ||
| * **[01:03:04](#t=01:03:04)** Sick Picks | ||
|
|
||
| ### Sick Picks | ||
|
|
||
| * [Harry Potter audio books](https://www.audible.com/search?searchNarrator=Jim+Dale&page=1&ref_pageloadid=Y232dKyXJGQwY3D1&ref=a_search_c4_pageBack&pf_rd_p=1d79b443-2f1d-43a3-b1dc-31a2cd242566&pf_rd_r=7R36W9E563TXEW646N1V&pageLoadId=pPGcJ2msQJM8cETD&ref_plink=not_applicable&creativeId=18cc2d83-2aa9-46ca-8a02-1d1cc7052e2a) | ||
|
|
||
| ### Shameless Plugs | ||
|
|
||
| * [ChatGPT](https://chat.openai.com/auth/login) | ||
|
|
||
| ### Hit us up on Socials! | ||
|
|
||
| Syntax: [X](https://twitter.com/syntaxfm) [Instagram](https://www.instagram.com/syntax_fm/) [Tiktok](https://www.tiktok.com/@syntaxfm) [LinkedIn](https://www.linkedin.com/company/96077407/admin/feed/posts/) [Threads](https://www.threads.net/@syntax_fm) | ||
|
|
||
| Wes: [X](https://twitter.com/wesbos) [Instagram](https://www.instagram.com/wesbos/) [Tiktok](https://www.tiktok.com/@wesbos) [LinkedIn](https://www.linkedin.com/in/wesbos/) [Threads](https://www.threads.net/@wesbos) | ||
|
|
||
| Scott: [X](https://twitter.com/stolinski) [Instagram](https://www.instagram.com/stolinski/) [Tiktok](https://www.tiktok.com/@stolinski) [LinkedIn](https://www.linkedin.com/in/stolinski/) [Threads](https://www.threads.net/@stolinski) |