Your weekly celebration of JavaScript and the web. This show records LIVE on Thursdays at 1pm US/Eastern time. Panelists include Jerod Santo, Feross Aboukhadijeh, Kevin Ball, Amelia Wattenberger, Nick Nisi, Divya Sasidharan, Mikeal Rogers, Chris Hiller, and Amal Hussein. Topics discussed include the web platform (Chrome, Safari, Edge, Firefox, Brave, etc), front-end frameworks (React, Ember, Angular, Vue, etc), Node.js, web animation, SVG, robotics, IoT, and much more. If JavaScript and/or the web touch your life, this show’s for you. Some people search for JSParty and can’t find the show, so now the string JSParty is in our description too.
What's in your package.json?
Tobie Langel, Open source strategist and Principal at UnlockOpen, joins Chris, Feross, and Amal to discuss recent widespread incidents affecting the JavaScript community (and breaking CI builds) around the globe. Two widely used npm libraries were self-sabotaged by their single maintainer, yet again, highlighting the many gaps in our OSS supply chain security, sustainability and overall practices. We explore all these topics and solution on what our ecosystem needs to be more resilient to these types of attacks in the future.
Join Changelog++ to support our work, get closer to the metal, and make the ads disappear!
Sponsors
-
Sentry – Working code means happy customers. That’s exactly why teams choose Sentry. From error tracking to performance monitoring, Sentry helps teams see what actually matters, resolve problems quicker, and learn continuously about their applications - from the frontend to the backend. Use the code
CHANGELOG
and get the team plan free for three months. - Changelog++ – You love our content and you want to take it to the next level by showing your support. We’ll take you closer to the metal with no ads, extended episodes, outtakes, bonus content, a deep discount in our merch store (soon), and more to come. Let’s do this!
- Fastly – Our bandwidth partner. Fastly powers fast, secure, and scalable digital experiences. Move beyond your content delivery network to their powerful edge cloud platform. Learn more at fastly.com
Featuring
- Tobie Langel – Twitter, GitHub, Website
- Amal Hussein – Twitter, GitHub
- Feross Aboukhadijeh – Twitter, GitHub, Website
- Christopher Hiller – Twitter, GitHub, Website
Notes and Links
- Open source developer corrupts widely-used libraries, affecting tons of projects - The Verge
- Tobie’s tweet thread on this self-sabotage
- Tobie’s talk on OSS Sustainability
- Working in Public | A book by Nadia Eghbal
- Four types of OSS projects mentioned in Nadia’s book
- Renovate | A Dependency Management Bot
- Dependabot | Another OSS Dependency Bot
- Sustain OSS | A space for conversations about sustaining open source
- Tidelift
- SBOM - Software Bill of Materials (official US Government Site & Docs)
- Software Bill of Materials’ — Not just good for security, good for business | The Hill
- Executive Order on Improving the Nation’s Cybersecurity
- Tidelift’s SBOM generation service
- Popular NPM package UA-Parser-JS poisoned with cryptomining, password-stealing malware | The Daily Swig
- Roads and Bridges: The Unseen Labor Behind Our Digital Infrastructure / Ford Foundation
- Socket (Security project that Feross is working on)
- Does open source need its own Priority of Constituencies?
- Unlock Open
- who accused me of co-founding npm