Leipzig.js #8 (Onsite & Online) - Hands-On Supply Chain Security in npm Projects
👋 Hello and welcome to the 8th Leipzig.js meetup 🥳!
This time, we’ll have an amazing talk about a topic that has come up very often in recent months: supply chain security in the npm ecosystem. If you’re interested, feel free to join us 🙂
Info: This talk has already been given. Please see this event: https://www.meetup.com/le-software-craft-community/events/313223057/
So it will be more or less the same talk. You’re still welcome to join, but please don’t expect new content compared to the last event.
The event is suitable for beginners to intermediate attendees.
***
### About the talk:
Hardly a week goes by without new headlines about supply chain attacks in the npm ecosystem. These incidents often cause concern and uncertainty, even among experienced teams. The range of possible countermeasures can seem overwhelming, but some steps are straightforward to implement and deliver immediate benefits.
In this session, I will demonstrate, using live examples, how our team significantly improved project security through practical measures: dependency management, version locking, blocking build scripts, hardening our Renovate configuration, and migrating to pnpm. You’ll see which steps had the biggest impact and how you can apply them in your own projects.
Join this session if you want to stay calm when the next npm supply chain attack hits the headlines.
***
☝ Important to know:
👨‍💼 Speaker: Bertram Vogel (https://www.linkedin.com/in/bertramvogel/)
💬 Language: English
🦾 Level: Beginner to Intermediate
🧠 Previous knowledge (desirable): Familiarity with a package manager such as npm and a basic understanding of dependency management are helpful.
📹 Will it be recorded? Yes – https://teams.microsoft.com/meet/310346455819828?p=KRsjEUNDliWchB10Pg (works in the browser, no account needed)
***
🗣️ About our speaker: Bertram Vogel (https://www.linkedin.com/in/bertramvogel/)
Bertram has spent more than ten years working on everything required to successfully develop, deploy, and maintain web applications in the cloud. He works as a Senior IT Consultant at codecentric AG in Erfurt. In addition to the intricacies of TypeScript and React, his current focus is on “AI-powered working.”
As he is passionate about sharing knowledge, he organizes and moderates a regular internal exchange on this topic. You can find Bertram on LinkedIn, at metal concerts, or immersed in LEGO building instructions.
***
⏰ Schedule:
- Entry: ~6:00 pm ⚠️
- Orga: 6:15 – 6:30 pm
- Start of the event: ~6:30 pm
- Talk: ~45 min
- Afterwards, we’ll hang out together — so feel free to stay & join us 🦄
***
🏡 Location: Finatix
We will have food and drinks — thanks to our sponsor Finatix 🙌
