Software’s best weekly news brief, deep technical interviews & talk show.
…
continue reading
Content provided by Changelog Media. All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by Changelog Media or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://ro.player.fm/legal.
Similar cu JS Party: JavaScript, CSS, Web Development
This podcast talks about how to program in Java; not your tipical system.out.println("Hello world"), but more like real issues, such as O/R setups, threading, getting certain components on the screen or troubleshooting tips and tricks in general. The format is as a podcast so that you can subscribe to it, and then take it with you and listen to it on your way to work (or on your way home), and learn a little bit more (or reinforce what you knew) from it.
…
continue reading
A podcast about web design and development.
…
continue reading
Stay current on JavaScript, Node, and Front-End development. Learn from experts in programming, careers, and technology every week. Become a supporter of this podcast: https://www.spreaker.com/podcast/javascript-jabber--6102064/support.
…
continue reading
Join our weekly discussion about how to build top end Angular applications and become an Angular expert. Become a supporter of this podcast: https://www.spreaker.com/podcast/adventures-in-angular--6102018/support.
…
continue reading
Show notes are at https://stevelitchfield.com/sshow/chat.html
…
continue reading
Python Bytes is a weekly podcast hosted by Michael Kennedy and Brian Okken. The show is a short discussion on the headlines and noteworthy news in the Python, developer, and data science space.
…
continue reading
1
Syntax - Tasty Web Development Treats
Wes Bos & Scott Tolinski - Full Stack JavaScript Web Developers
Full Stack Developers Wes Bos and Scott Tolinski dive deep into web development topics, explaining how they work and talking about their own experiences. They cover from JavaScript frameworks like React, to the latest advancements in CSS to simplifying web tooling.
…
continue reading
A podcast featuring panelists of engineers from Netflix, Twitch, & Atlassian talking over drinks about all things software engineering.
…
continue reading
Get ready for a weekly dose of all things Enterprise Software and Cloud Computing! Join us as we dive into topics including Kubernetes, DevOps, Serverless, Security and Coding. Plus, we’ll keep you entertained with plenty of off-topic banter and nonsense. Don’t worry if you miss the latest industry conference - we’ve got you covered with recaps of all the latest news from AWS, Microsoft Azure, Google Cloud Platform (GCP) and the Cloud Native Computing Foundation (CNCF).
…
continue reading
Player FM - Aplicație Podcast
Treceți offline cu aplicația Player FM !
Treceți offline cu aplicația Player FM !
))
The massive bug at the heart of npm
Manage episode 370709941 series 1391411
Content provided by Changelog Media. All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by Changelog Media or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://ro.player.fm/legal.
Darcy Clarke, former GitHub Staff Engineering Manager and founder of vlt, joins us to discuss a major bug in the npm ecosystem that he recently disclosed. We cover the bug’s timeline, nuances, and impact, all while setting some important context on npm packages, clients, and registries. Tune in to learn how to protect your codebase and gain a deeper understanding of this crucial part of the JavaScript ecosystem.
Changelog++ members save 2 minutes on this episode because they made the ads disappear. Join today!
Sponsors:
- Fastly – Our bandwidth partner. Fastly powers fast, secure, and scalable digital experiences. Move beyond your content delivery network to their powerful edge cloud platform. Learn more at fastly.com
- Fly.io – The home of Changelog.com — Deploy your apps and databases close to your users. In minutes you can run your Ruby, Go, Node, Deno, Python, or Elixir app (and databases!) all over the world. No ops required. Learn more at fly.io/changelog and check out the speedrun in their docs.
- Typesense – Lightning fast, globally distributed Search-as-a-Service that runs in memory. You literally can’t get any faster!
- Changelog News – A podcast+newsletter combo that’s brief, entertaining & always on-point. Subscribe today.
Featuring:
- Darcy Clarke – Mastodon, Twitter, GitHub, LinkedIn, Website
- Amal Hussein – Twitter, GitHub
- Feross Aboukhadijeh – Twitter, GitHub, Website
Show Notes:
- Darcy / vlt’s blog post on this massive npm bug
- Feross / Socket’s follow-up blog post in this issue
- Refactor Conf - Darcy & Feross will be speaking in July
- Verdaccio (not to be mistaken with Versace) - an open source npm registry proxy
- Github layoffs for engineering team in India
- Bug filled July 28th, 2022 related to binding.gyp and triaged on October 22nd, 2022
- Darcy’s original test POC from Nov 2nd, 2022
- Darcy’s POC from March 8th, 2023 which was used in the HackerOne report to Github
- Legacy docs for npm publish params
- Tool for checking packages for manifest mismatches
- Great resource for security acronyms
Something missing or broken? PRs welcome!
Capitole
1. It's party time, y'all (00:00:00)
2. Welcoming Darcy (00:00:40)
3. A massive bug (00:02:56)
4. Ecosystem overview (00:05:04)
5. But why? (00:09:30)
6. Verdaccio (00:13:58)
7. Why is this so broken (00:16:46)
8. Timeline of the bug (00:27:38)
9. Blog post feedback (00:41:40)
10. Why, GitHub, why?! (00:43:45)
11. Sponsor: Changelog News (00:45:12)
12. How do we dig ourselves out (00:46:44)
13. What the early days were like (00:53:14)
14. What's next for Darcy (00:55:03)
15. vlt (Volt) (00:57:25)
16. Closing time! (00:59:45)
17. Next up on the pod (01:01:57)
334 episoade
Distribuie
Manage episode 370709941 series 1391411
Content provided by Changelog Media. All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by Changelog Media or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://ro.player.fm/legal.
Darcy Clarke, former GitHub Staff Engineering Manager and founder of vlt, joins us to discuss a major bug in the npm ecosystem that he recently disclosed. We cover the bug’s timeline, nuances, and impact, all while setting some important context on npm packages, clients, and registries. Tune in to learn how to protect your codebase and gain a deeper understanding of this crucial part of the JavaScript ecosystem.
Changelog++ members save 2 minutes on this episode because they made the ads disappear. Join today!
Sponsors:
- Fastly – Our bandwidth partner. Fastly powers fast, secure, and scalable digital experiences. Move beyond your content delivery network to their powerful edge cloud platform. Learn more at fastly.com
- Fly.io – The home of Changelog.com — Deploy your apps and databases close to your users. In minutes you can run your Ruby, Go, Node, Deno, Python, or Elixir app (and databases!) all over the world. No ops required. Learn more at fly.io/changelog and check out the speedrun in their docs.
- Typesense – Lightning fast, globally distributed Search-as-a-Service that runs in memory. You literally can’t get any faster!
- Changelog News – A podcast+newsletter combo that’s brief, entertaining & always on-point. Subscribe today.
Featuring:
- Darcy Clarke – Mastodon, Twitter, GitHub, LinkedIn, Website
- Amal Hussein – Twitter, GitHub
- Feross Aboukhadijeh – Twitter, GitHub, Website
Show Notes:
- Darcy / vlt’s blog post on this massive npm bug
- Feross / Socket’s follow-up blog post in this issue
- Refactor Conf - Darcy & Feross will be speaking in July
- Verdaccio (not to be mistaken with Versace) - an open source npm registry proxy
- Github layoffs for engineering team in India
- Bug filled July 28th, 2022 related to binding.gyp and triaged on October 22nd, 2022
- Darcy’s original test POC from Nov 2nd, 2022
- Darcy’s POC from March 8th, 2023 which was used in the HackerOne report to Github
- Legacy docs for npm publish params
- Tool for checking packages for manifest mismatches
- Great resource for security acronyms
Something missing or broken? PRs welcome!
Capitole
1. It's party time, y'all (00:00:00)
2. Welcoming Darcy (00:00:40)
3. A massive bug (00:02:56)
4. Ecosystem overview (00:05:04)
5. But why? (00:09:30)
6. Verdaccio (00:13:58)
7. Why is this so broken (00:16:46)
8. Timeline of the bug (00:27:38)
9. Blog post feedback (00:41:40)
10. Why, GitHub, why?! (00:43:45)
11. Sponsor: Changelog News (00:45:12)
12. How do we dig ourselves out (00:46:44)
13. What the early days were like (00:53:14)
14. What's next for Darcy (00:55:03)
15. vlt (Volt) (00:57:25)
16. Closing time! (00:59:45)
17. Next up on the pod (01:01:57)
334 episoade
Toate episoadele
×
Bun venit la Player FM!
Player FM scanează web-ul pentru podcast-uri de înaltă calitate pentru a vă putea bucura acum. Este cea mai bună aplicație pentru podcast și funcționează pe Android, iPhone și pe web. Înscrieți-vă pentru a sincroniza abonamentele pe toate dispozitivele.
Similar cu JS Party: JavaScript, CSS, Web Development
Software’s best weekly news brief, deep technical interviews & talk show.
…
continue reading
This podcast talks about how to program in Java; not your tipical system.out.println("Hello world"), but more like real issues, such as O/R setups, threading, getting certain components on the screen or troubleshooting tips and tricks in general. The format is as a podcast so that you can subscribe to it, and then take it with you and listen to it on your way to work (or on your way home), and learn a little bit more (or reinforce what you knew) from it.
…
continue reading
A podcast about web design and development.
…
continue reading
Stay current on JavaScript, Node, and Front-End development. Learn from experts in programming, careers, and technology every week. Become a supporter of this podcast: https://www.spreaker.com/podcast/javascript-jabber--6102064/support.
…
continue reading
Join our weekly discussion about how to build top end Angular applications and become an Angular expert. Become a supporter of this podcast: https://www.spreaker.com/podcast/adventures-in-angular--6102018/support.
…
continue reading
Show notes are at https://stevelitchfield.com/sshow/chat.html
…
continue reading
Python Bytes is a weekly podcast hosted by Michael Kennedy and Brian Okken. The show is a short discussion on the headlines and noteworthy news in the Python, developer, and data science space.
…
continue reading
1
Syntax - Tasty Web Development Treats
Wes Bos & Scott Tolinski - Full Stack JavaScript Web Developers
Full Stack Developers Wes Bos and Scott Tolinski dive deep into web development topics, explaining how they work and talking about their own experiences. They cover from JavaScript frameworks like React, to the latest advancements in CSS to simplifying web tooling.
…
continue reading
A podcast featuring panelists of engineers from Netflix, Twitch, & Atlassian talking over drinks about all things software engineering.
…
continue reading
Get ready for a weekly dose of all things Enterprise Software and Cloud Computing! Join us as we dive into topics including Kubernetes, DevOps, Serverless, Security and Coding. Plus, we’ll keep you entertained with plenty of off-topic banter and nonsense. Don’t worry if you miss the latest industry conference - we’ve got you covered with recaps of all the latest news from AWS, Microsoft Azure, Google Cloud Platform (GCP) and the Cloud Native Computing Foundation (CNCF).
…
continue reading
Player FM - Aplicație Podcast
Treceți offline cu aplicația Player FM !
Treceți offline cu aplicația Player FM !
