<?xml version="1.0" encoding="UTF-8"?>
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:dc="http://purl.org/dc/elements/1.1/">
  <channel>
    <title>DEV Community: nepeckman</title>
    <description>The latest articles on DEV Community by nepeckman (@nepeckman).</description>
    <link>https://dev.to/nepeckman</link>
    <image>
      <url>https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F3067%2F11321895.png</url>
      <title>DEV Community: nepeckman</title>
      <link>https://dev.to/nepeckman</link>
    </image>
    <atom:link rel="self" type="application/rss+xml" href="https://dev.to/feed/nepeckman"/>
    <language>en</language>
    <item>
      <title>Have you ever lost your job?</title>
      <dc:creator>nepeckman</dc:creator>
      <pubDate>Mon, 22 Jul 2019 16:54:25 +0000</pubDate>
      <link>https://dev.to/nepeckman/have-you-ever-lost-your-job-5eh0</link>
      <guid>https://dev.to/nepeckman/have-you-ever-lost-your-job-5eh0</guid>
      <description>&lt;p&gt;I was recently laid off as my division was downsized. It was about as amicable as the situation could be; I left on good terms with my manager and have plenty of positive references. But I can't help feeling a little depressed. Who else here has ever lost their job? What was the experience like? How long did it take you to move past it? How was the following job search?&lt;/p&gt;

</description>
      <category>discuss</category>
      <category>watercooler</category>
    </item>
    <item>
      <title>How do we improve security in the npm ecosystem?</title>
      <dc:creator>nepeckman</dc:creator>
      <pubDate>Mon, 26 Nov 2018 18:02:28 +0000</pubDate>
      <link>https://dev.to/nepeckman/how-do-we-improve-security-in-the-npm-ecosystem-3hmj</link>
      <guid>https://dev.to/nepeckman/how-do-we-improve-security-in-the-npm-ecosystem-3hmj</guid>
      <description>&lt;p&gt;For those who haven't seen this trending elsewhere, &lt;a href="https://github.com/dominictarr/event-stream/issues/116" rel="noopener noreferrer"&gt;a popular npm library executed malicious code on victims' computers&lt;/a&gt;. To summarize the thread (though it is worth a read), the maintainer of the library gave control to an unknown individual who claimed they wanted to maintain it. This individual added a dependency designed to execute some sort of malicious code, and people are still trying to figure out what the payload does. While a lot of people are playing the blame game, I'm interested in discussing what practical steps can be taken to limit this vector of attack. Should we establish a more rigorous process for giving up control of an npm module? Is our only hope better audit tools? I'm interested in any idea that addresses this security concern.&lt;/p&gt;

</description>
      <category>security</category>
      <category>javascript</category>
      <category>npm</category>
      <category>discuss</category>
    </item>
  </channel>
</rss>
