
705: Is Running Random Code From npm Safe? With Feross Aboukhadijeh

Author
Wes Bos & Scott Tolinski - Full Stack JavaScript Web Developers
Published
Fri 15 Dec 2023
Episode Link
https://syntax.fm/705

In this Supper Club episode of Syntax, Wes and Scott talk with Feross Aboukhadijeh about his work on Socket which helps to make sure the code you get from npm is safe and secure. They also touch on his work on Wormhole and Web Torrent.
Show Notes
00:30 Welcome

00:57 Who is Feross Aboukhadijeh?

01:33 What is Socket?
[Socket.dev](https://socket.dev)
dominictarr (Dominic Tarr)
pull-stream/pull-stream: minimal streams

03:59 Introducing AI package summaries
Example of the AI summaries
Introducing AI Package Summaries

07:04 Is Socket’s focus on visibility of an open source project?

10:01 What was the inspiration for Socket?
Introducing “safe npm”, a Socket npm Wrapper - Socket

16:22 How does Socket detect possible security issues?
Removed packages
event-source-polyfill protestware attack
john wick spam attack

18:55 How many projects are you ingesting for Socket to scan?

26:00 What kinds of things are people trying to inject in code?
CS253 Web Security

29:54 How do I hook Socket up to my project or GitHub?

32:08 Do we still need to use shrink wrap?

36:34 How did you implement the torrent spec in JavaScript for WebTorrent?
WebTorrent Desktop
WebTorrent FAQ

43:11 Why did you build Wormhole?
Wormhole

47:33 How expensive is it to maintain Wormhole?
Riverside.fm - Record Podcasts And Videos From Anywhere

50:37 What do you think of decentralized code repos?
Radicle
Project Fugu
Fugu Tracker

54:29 Understanding passkeys

56:15 Supper Club questions
GitHub Theme - Visual Studio Marketplace
Web Serial API - Web APIs | MDN

01:03:04 Sick Picks
Sick Picks: Harry Potter audio books
Shameless Plugs: ChatGPT
