Socket was featured in today:
"This JavaScript scanner hunts down malware in libraries"
theregister.com/2022/03/01/soc
Pinned Tweet
Follow
Socket
@SocketSecurity
Secure your JavaScript supply chain. Depend on Socket to protect your app from malicious dependencies lurking in your open source supply chain.
Socket’s Tweets
Another week, another npm supply chain attack 😢
If you haven't read our post "What's Really Going On Inside Your node_modules Folder?", don't miss it.
It's a must read.
1
8
18
Do you know what's really going on in your node_modules folder? will help to understand the scope of the supply chain threats against the open source ecosystem, with a focus on npm and JavaScript. #ejs
Details👉bit.ly/3LS7ctp
Tickets🎫enterjs.de/tickets.php
GIF
read image description
ALT
3
1
Another week, another npm supply chain attack 😢
If you haven't read our post "What's Really Going On Inside Your node_modules Folder?", don't miss it.
It's a must read.
1
8
18
Curious about npm supply chain attacks and what you can do to defend against them? Come see speak at to learn about the latest attacker techniques and get concrete tips to secure your code!
Quote Tweet
Do you know what's really going on in your node_modules folder? @feross will help to understand the scope of the supply chain threats against the open source ecosystem, with a focus on npm and JavaScript. #ejs
Details
bit.ly/3LS7ctp
Tickets
enterjs.de/tickets.php
bit.ly/3LS7ctp
Ticketsenterjs.de/tickets.phpGIF
read image description
ALT
3
Topics to follow
Sign up to get Tweets about the Topics you follow in your Home timeline.
Carousel
🎧 New episode of JS Party! 🎧
💬 Making moves on supply chain security
💫 w/ &
🎙 hosted by &
🗃�? tagged #javascript #infosec #npm
💚 jsparty.fm/219
10
11
✨ I had a super fun conversation with , , and the crew! ✨
🗣 Why does seem to have more attacks than other ecosystems?
🗣 How are vulnerabilities and malware different?
🗣 How does work behind-the-scenes?
�?�? Listen now!
Quote Tweet
New episode of JS Party!
Making moves on supply chain security
w/ @feross @bcomnes & @MikolaLysenko
hosted by @nicknisi & @b0neskull
tagged #javascript #infosec #npm
jsparty.fm/2198
10
Must listen show! So many insights if you want to deliver secure software with Awesome �?��?� project
1
2
1
🗣�? : Open-source supply chain attacks
🗒�? Majority of our code is written by volunteers and we trust without reading.
🤔 Malicious code often in npm install scripts, sometimes a typo away from popular package names.
➡�? socket.dev
#CascadiaJS
4
5
Show this thread
5
13
Wonderful talk by (one of my favourite speakers). You should definitely checkout his socket.dev.
Also have you thought of making a cli tool so that we can audit our projects locally?
youtu.be/-uAX28hfZcc
1
4
9
I keep trying to read more about what socket.dev does but I cannot for the life of me stop playing with the interactive bundle visualizer on the home page.
1
2
11
Replying to
It’s not sandboxing, but socket.dev is specifically out to reduce supply chain attacks across different languages
1
2
5
Show this thread
Quote Tweet
Happening now! @b0neskull and @nicknisi talk to @feross, @bcomnes, and @mikolalysenko about @SocketSecurity youtube.com/watch?v=qn1lSU4
4
4
🎊 Happening now! and talk to , , and about
1
6
6
I had a SUPER FUN conversation with the team. We talked about JavaScript supply chain attacks and why this is such a problem in 2022.
Quote Tweet
We talked to @feross about Wormhole last June. Now he joins us to talk about @SocketSecurity, a new security company that protects your most critical apps from supply chain attacks.
Apple: apple.co/37EG6XN
Spotify: spoti.fi/3qqpoCi
Google: bit.ly/36D0x7d
1
3
6
We talked to about Wormhole last June. Now he joins us to talk about , a new security company that protects your most critical apps from supply chain attacks.
Apple: apple.co/37EG6XN
Spotify: spoti.fi/3qqpoCi
Google: bit.ly/36D0x7d
6
10
Do you know what’s really going on in your node_modules folder? will dive into examples of recent supply chain attacks and what concrete steps you can take to protect your team from this emerging threat.
1
2
6
If you're a JS/TS developer, check this out.
Also, the webgl viz deconstructing node_modules is 🔥
2
6
Excited to be speaking at Nordic.js for the second time! This is gonna be awesome!
The JavaScript security space is evolving quickly these days, so there will be lots of new and exciting stuff to talk about by October I’m sure!
2
22
1
2
Give it up for Feross Aboukhadijeh () who is the Founder and CEO of Socket () �?�?�?
His talk is called “What's Really Going on Inside Your Node_Modules Folder�?.
Get your ticket at nordicjs.com/2022/ #nordicjs
1
3
7
Show this thread
Wow, this is a fabulous tool.
1
2
4
A great article on #npm #security issues from :
(and his new awesome, most needed tool )
socket.dev/blog/inside-no
Might run "npm install" in a #Docker container as an extra layer between the packages and my machine now.
#JavaScript
8
7
3
12
Introducing Socket [service that detects malicious npm packages via static and dynamic analysis]
socket.dev/blog/introduci ^ar
6
7
Quote Tweet
Software supply-chain attacks are not talked about nearly enough. Socket is really cool and Feross gets this stuff better than anyone twitter.com/feross/status/…
1
2
6
Check out this week's episode of #JavaScriptJabber with
#JSJ: Supply Chain Security - Part 2
rfr.bz/t3o4wjg rfr.bz/t3o4wjg
3
8
Must read for every senior NodeJS developer.. from . What's Really Going On Inside Your node_modules Folder? - Socket
1
5
During his time at SPC, epitomized the builder mindset we value so much in members. We're thrilled to see Socket go public and proud to back it!
2
3
13
This is really cool. Npm supply chain attacks have become a norm. Totally agree that reactive CVE scanning is missing the point
1
2
3
I spent quite a lot of time resolving vulnerabilities (actual or not really exploitable) in my previous job. If you haven't really thought what happens when you install an npm module, you might want to read this post by
3
6
Replying to
This is 🔥
I am definitely going to look into it.
Thank you and your team for this amazing contribution to the community. �?
1
1
2
I highly recommend listening to the #482 with about #opensouce supply chain security.
They cover typosquatting attacks in npm which I didn't realize how prevalent it is.
1
3
14
Show this thread
Typosquatting attacks can lead to users installing malicious packages that execute shell/install scripts granting network & file system access.
1
1
2
Show this thread