Eval all the strings! - Hardened JavaScript

Zbyszek Tenerowicz

TalkTalk

"Eval all the strings! - Hardened JavaScript"

Being able to run someone else's code without the negative consequences is the ultimate supply chain security. What if I told you it's possible? Limit access to globals for a package? Sure. Control if a package can access network or file system? Yup, that too. And no more prototype pollution. I'll start by replacing eval() with good(), get to TC39 proposals and then all the way back to what you can practically use right away!

Date:
05 Oct 2022
Time:
11:00 UTC | 11:00 UTC
Length:
25 min
Add to CalendarShare on Twitter

"Full-stack developer and technology researcher. Built and operated over 30 Node.js powered applications in production at Egnyte Inc. Currently working on JavaScript security as part of the LavaMoat team at MetaMask.
| "

About Zbyszek

Full-stack developer and technology researcher. Built and operated over 30 Node.js powered applications in production at Egnyte Inc. Currently working on JavaScript security as part of the LavaMoat team at MetaMask. Open-source enthusiast. Enjoys discovering and teaching advanced concepts for diagnostics, security and maintainability. One of the oldest members of meet.js Poland community - both as a speaker and organizer. @naugtur https://naugtur.pl

The speakers