top of page
< Back

NPM, "Private" Repos, and You

13 Aug 2022

Comprehensive Talk

NPM, "Private" Repos, and You

Justin Rhinehart

Abstract

Supply chain research is so hot right now! In this talk I plan on talking about how to clone the NPM metadata database, and all of the interesting repercussions of this design decision. Between exposing code from private Github repos, being able to search through all contributors email addresses, cybersquatting maintainers expired domains for account takeovers, and the interactions between .gitignore and .npmignore, there's plenty of interesting things to be covered.

bottom of page