We're back with another interesting topic, this time in English!

Abstract
Hardly a week goes by without new headlines about supply chain attacks in the npm ecosystem. These incidents often cause concern and uncertainty, even among experienced teams. The range of possible countermeasures can seem overwhelming, but some steps are straightforward to implement and deliver immediate benefits.

In this session, I will demonstrate using live examples how our team significantly improved project security through practical measures: dependency management, version locking, blocking build scripts, hardening our Renovate configuration and migrating to pnpm. You’ll see which steps had the biggest impact and how you can apply them in your own projects.

Join this session if you want to keep calm when the next npm supply chain attack hits the headlines.

Prerequisites

Familiarity with a package manager such as npm and a basic understanding of dependency management are helpful.

Learning Outcomes

After this session, participants will:

  • Understand the main risks regarding the supply chain in the npm ecosystem.
  • Know how to handle dependencies and build scripts securely.
  • Take away actionable tips and see live demonstrations of simple steps to improve supply chain security in their own projects.

Our speaker Bertram Vogel:
Bertram has spent more than ten years focusing on everything required to successfully develop, deploy, and maintain web applications in the cloud. He works as a Senior IT Consultant at codecentric AG in Erfurt. In addition to the intricacies of TypeScript and React, his current focus is on “AI-powered Working”. Since he is passionate about sharing knowledge, he organizes and moderates a regular internal exchange on this topic. You can find Bertram on LinkedIn, at metal concerts, or immersed in LEGO building instructions.

Pizza and drinks are on codecentric, thanks a lot!

Agenda:
Presentation: 18.00
Pizza: 19.15
