EPISODE · Nov 1, 2025 · 1H
Guarding the JavaScript Supply Chain: Preventing NPM Attacks with Feross Aboukhadijeh - JSJ 695
from JavaScript Jabber · host Charles M Wood
Hey everyone—it’s Steve Edwards here, and in this episode of JavaScript Jabber, I’m joined by returning guest Feross Aboukhadijeh, founder of Socket.dev, for a deep dive into the dark and fascinating world of open source supply chain security. From phishing campaigns targeting top NPM maintainers to the now-infamous Chalk library compromise, we unpack the latest wave of JavaScript package attacks and what developers can learn from them.Feross explains how some hackers are even using AI tools like Claude and Gemini as part of their payloads—and how defenders like Socket are fighting back with AI-powered analysis of their own. We also dive into GitHub Actions vulnerabilities, the role of two-factor authentication, and the growing need for “phishing-resistant 2FA.” Whether you’re an open source maintainer or just someone who runs npm install a little too often, this episode will open your eyes to how much happens behind the scenes to keep your code safe.🔗 Links & ResourcesSocket.dev – Protect your open source dependenciesFeross Aboukhadijeh on X (Twitter)GitHub Actions Security Best PracticesTruffleHog Blog – On secrets exposure in Git reposBecome a supporter of this podcast: https://www.spreaker.com/podcast/javascript-jabber--6102064/support.
What this episode covers
Hey everyone—it’s Steve Edwards here, and in this episode of JavaScript Jabber, I’m joined by returning guest Feross Aboukhadijeh, founder of Socket.dev, for a deep dive into the dark and fascinating world of open source supply chain security. From phishing campaigns targeting top NPM maintainers to the now-infamous Chalk library compromise, we unpack the latest wave of JavaScript package attacks and what developers can learn from them.Feross explains how some hackers are even using AI tools like Claude and Gemini as part of their payloads—and how defenders like Socket are fighting back with AI-powered analysis of their own. We also dive into GitHub Actions vulnerabilities, the role of two-factor authentication, and the growing need for “phishing-resistant 2FA.” Whether you’re an open source maintainer or just someone who runs npm install a little too often, this episode will open your eyes to how much happens behind the scenes to keep your code safe.🔗 Links & ResourcesSocket.dev – Protect your open source dependenciesFeross Aboukhadijeh on X (Twitter)GitHub Actions Security Best PracticesTruffleHog Blog – On secrets exposure in Git reposBecome a supporter of this podcast: https://www.spreaker.com/podcast/javascript-jabber--6102064/support.
NOW PLAYING
Guarding the JavaScript Supply Chain: Preventing NPM Attacks with Feross Aboukhadijeh - JSJ 695
No transcript for this episode yet
Similar Episodes
Jun 25, 2026 ·65m
Jun 24, 2026 ·17m
Jun 22, 2026 ·92m
Jun 18, 2026 ·53m
Jun 17, 2026 ·14m
Jun 15, 2026 ·69m