Video: I Run Code From the Internet!

Rate this content
Bookmark
npm packages are unsanitized inputs from the internet that we run without much scrutiny, so we need to address the issue of malicious packages. Lavamote offers proactive runtime protections to automatically detect and mitigate threats. Lava Mode uses Hardened JavaScript to provide isolation and enforce a policy for your application's build process. The talk introduces a webpack plugin for those who don't want to use the browserify ecosystem. Lavamote's behavior is explored, showcasing how it restricts package access to certain properties. Beta testing is open to gather feedback and improve Lava Mode.

This talk has been presented at React Advanced Conference 2023, check out the latest edition of this React Conference.

Zbyszek Tenerowicz
Zbyszek Tenerowicz
20 min
23 Oct, 2023

Comments

Sign in or register to post your comment.