Eval all the strings! Hardened JavaScript - Zbyszek Tenerowicz | NodeConf EU 2022

  • Added 27. 08. 2024
  • Being able to run someone else's code without negative consequences is the ultimate supply chain security. What if I told you it's possible? Limit access to globals for a package? Sure. Control if a package can access the network or file system? Yup, that too. And no more prototype pollution. I'll start by replacing eval() with good(), get to TC39 proposals, and then all the way back to what you can practically use right away!
    *****
    Full-stack developer and technology researcher. Built and operated over 30 Node.js-powered applications in production at Egnyte Inc. Currently working on JavaScript security as part of the LavaMoat team at MetaMask. Open-source enthusiast. Enjoys discovering and teaching advanced concepts for diagnostics, security, and maintainability. One of the oldest members of the meet.js Poland community - both as a speaker and organizer.
    *****
    Recorded at NodeConf EU 2022 in Lyrath Estate, Kilkenny, Ireland.
    Hosted by NearForm
    Thank you to our sponsors:
    * NearForm
    * Charles River
    * web3.storage
    * Sidero
    * Google Cloud
    * Platformatic
    * Snyk
    * Bloomberg
    Visit: www.nodeconf.eu/
