JavaScript supply chain security

Presented at LocoMocoSec 2019, April 18, 2019, 11:30 a.m. (30 minutes)

In an npm survey of over 33,000 developers worldwide, 99% of JavaScript developers confirm they use open source code, 83% express concern about whether the open source software they use is secure, and 58% believe there aren't satisfactory methods for evaluating whether code is safe. npm is the world's supplier of JavaScript and therefore a critical link in the dependency supply chain. In this talk Adam will discuss the current security state of the JavaScript ecosystem, the security challenges it has faced, and what npm has done and continues to do to make this supply chain more secure.


Presenters:

  • Adam Baldwin / EvilPacket - npm
    Adam Baldwin is VP of Security at npm Inc., the company that powers the world’s JavaScript. An information security professional with over 24 years of experience, Adam has spent his career building companies, breaking into companies, managing teams, designing products, and talking about security non-stop. Previously, Adam founded ^Lift Security, a successful application security and penetration testing service company, and the Node Security Platform, an initiative to track vulnerabilities in the JavaScript ecosystem. The project evolved into a SaaS platform at the forefront of the continuous security movement. Both were acquired by npm, Inc. in early 2018.
