
Jo Franchetti
Jo is an Engineer at Deno. She is passionate about improving developer experience, advocating for TypeScript and teaching good use of the web. She mentors junior developers, advocates a lot for mental health awareness and is devoted to improving the diversity and inclusivity of the tech industry.
npm install && pray
Node Congress 2026
Upcoming

We all know the ritual: add a dependency, trust it implicitly, ship it to production. For years, that worked well enough. But now the attacks have started getting smarter.
Supply chain attacks targeting the npm ecosystem aren't theoretical anymore. Malicious packages that steal credentials, hijack environment variables or silently exfiltrate data over HTTP are showing up in minor version bumps. The JavaScript ecosystem's greatest strength, its openness, has become its greatest liability.
And then we handed our keyboards to AI.
AI assistants are, of course, useful. But they introduce a new category of risk: code you didn't write, don't fully understand, and may never review fully enough. Models can leak API keys into generated output, AI-written code can accidentally delete files, their code can make unintended network calls, or worse. And if someone's poisoned the training data, your AI might do this on purpose.
In this talk, we'll walk through real examples of threat vectors, demonstrate how Deno's permission system can stop a supply chain attack in its tracks, and explore how sandboxing your code execution can give you a genuinely safe environment to run AI-generated code without the overhead of standing up Docker infrastructure.
You'll leave with a clearer picture of the threat landscape and practical tools to execute code you might not trust.
Testing the Waters With Deno
JSNation 2025
24 min

Let’s dive into the world of testing with Deno’s built-in test runner! Come on in, the water’s lovely!
We’ll kick things off by exploring the principles of effective testing, perfect for beginners dipping their toes in. Then, we’ll introduce Deno’s out-of-the-box test runner.
With the Deno.test API, you’ll be jetting in no time. We’ll cover how to write assertions and see firsthand how they help ensure your code behaves as expected.
To wrap things up, we’ll explore writing tests that will be familiar to those experienced with Jest and Vitest, using Deno and its standard library. You’ll gain practical knowledge on how simple Deno makes setting up your testing environment, structuring your test cases, and optimizing your testing workflow.
Whether you’re a seasoned developer or new to Deno, this talk will provide the tools and knowledge you need to confidently navigate the waters of testing in your Deno projects and make a splash with your testing skills!