Understanding JavaScript supply chain security

Join us on July 26th at 12pm EDT to learn the scope of the supply chain threats against the open source ecosystem, specifically with a focus on npm and JavaScript. We’ll review the following types of attacks: malware, typo-squats, hidden code, misleading packages, permission creep, and more. Then, we’ll discuss best practice methods and tools for detecting and blocking supply chain attacks against open source.
In this meetup, you’ll learn:

  • The scope of the supply chain threats against the open source ecosystem
  • A review of our work auditing every open source package on npm to detect the following types of attacks: malware, typo-squats, hidden code, misleading packages, permission creep
  • Specific examples and code walk-throughs of actual malware that was found on npm
  • Existing methods and tools for detecting supply chain attacks against open source, including limitations

YOUR HOST:

Feross Aboukhadijeh
Feross Aboukhadijeh is an entrepreneur, programmer, open source author, lecturer, and self-proclaimed mad scientist.

Sign up for the meetup:

July 26th | 12 p.m. EDT

Recording to be sent afterwards