Supplychain attack (rogue deps) targeting devs, a walkthru [hu, w some js code]

![Supplychain attack (rogue deps) targeting devs, a walkthru [hu, w some js code]](https://secure.meetupstatic.com/photos/event/6/9/5/2/highres_518066962.webp?w=750)
Details
"For security reasons Bun does not execute lifecycle scripts of installed dependencies." "Never lose another night's sleep over a security breach or incident. Equip your team with Socket to gain the confidence to ship, and maintain apps." ... So we are protected against rogue deps now, even on freeware and free plans, right?! Let's walk through a simple case.
1h talk; anyone can interrupt with comments and questions, and share their own professional experiences.
Live on telegram:
https://t.me/owasphu?livestream
Recording posted afterwards on YouTube:
https://www.youtube.com/@owasphu
Outline:
https://owasphu.notion.site/OWASP-HU-231228-Rogue-deps-4789fbd40e4a4f21be8afa6ca9aada15?pvs=4
Photo by [Christina @ wocintechchat.com](https://unsplash.com/@wocintechchat?utm_content=creditCopyText&utm_medium=referral&utm_source=unsplash)
