Presentation: Making 'npm install' Safe

Track: 21st Century Languages

Location: Broadway Ballroom South, 6th fl.

Duration: 10:35am - 11:25am

Day of week: Wednesday

Abstract

There’s a JavaScript package for everything. But installing a random package is a security nightmare: the installed package can access your data and send it over the network without anyone ever knowing.

But there’s hope! This talk will discuss how to minimize the risks of running third-party JavaScript. We’ll go over POLA, the Principle of Least Authority, and how object capabilities can help us grant specific, limited resources to third-party code. We’ll also cover the current efforts to enforce security boundaries in JavaScript: SES (Secure ECMAScript) and Realms.

Speaker: Kate Sills

Software Engineer @agoric

Kate Sills is a software engineer at Agoric, building composable smart contract components in a secure subset of JavaScript. Previously, Kate has researched and written on the potential uses of smart contracts to enforce agreements and create institutions orthogonal to legal jurisdictions. Kate earned her degree in CS from UC Berkeley, and is building a tiny house in her spare time.
