Software Supply Chain Security: Addressing NPM Malware Threats for JavaScript Developers

In this enlightening presentation on software supply chain security, expert Jossef Harush Kadouri addresses the evolving threats associated with NPM malware, particularly for JavaScript developers. Kadouri explains the fundamental concept of the software supply chain, demonstrating how vulnerabilities can emerge during the code contribution and deployment phases. Through real-world examples, he highlights the importance of safeguarding against malicious contributions that exploit open-source dependencies. He further discusses the significance of two-factor authentication and risk monitoring in maintaining security within these ecosystems. This engaging talk equips developers with essential insights and actionable strategies to protect their software projects from emerging threats.