Who really published this package? Am I getting the same package this person published? Does this package have vulnerabilities? Is this package malware? These are questions we all ask about packages on the npm registry, and the answers are important to us as we develop services and applications with the code shared there. C J Silverio, CTO of npm, Inc, tells you how you can answer these questions and what npm is doing to allow the node world to share code with confidence.
If you were given a magic wand that would remove all implementation flaws from your web application, would it be free of security problems? If it took you more than five seconds to say “No!” (or if, worse, you said “Yes!”), then you’re the target audience for this talk. If you’re in the target audience, don’t fret: much of the security community is there with you. After this talk, attendees will understand why the answer to the above-mentioned question is an emphatic “No!” and they will learn an approach to decrease their chance of failing to consider an important vector of attack for their current and future web applications.
Node.js is a community-centric platform. It grew with individuals and startups into something that’s used at a massive scale today.
With the io.js split and the resulting Node.js Foundation, where is that integral community now? Where is it going? And, most importantly, how can you get involved?
From spew streams to suck streams, Streams are a little-understood corner of Node.js that are utilized in almost every internal module and across thousands of npm packages. How exactly did Streams come to exist? How do they vary from version to version of Node.js? This talk will cover the technical history of “Streams” ranging back to UNIX pipes, and describe along the way how “Streams” derive from fundamental concepts of information technology.
Small group discussion on tips for reducing maintainer burden.