NPM, "Private" Repos, and You
13 Aug 2022
Comprehensive Talk
Justin Rhinehart
Abstract
Supply chain research is so hot right now! In this talk I plan on talking about how to clone the NPM metadata database, and all of the interesting repercussions of this design decision. Between exposing code from private GitHub repos, being able to search through all contributors' email addresses, cybersquatting maintainers' expired domains for account takeovers, and the interactions between .gitignore and .npmignore, there are plenty of interesting things to be covered.