Determining Who Bears the Burden of Ensuring NPM Module Security

Episode 48 · December 18th, 2016 · 23 mins 19 secs

About this Episode

With the continued growth of Node.js, developers and enterprises may find themselves facing security issues as they work with modules in their projects that are often third-party and open source. A question the community continues to debate is which party bears the onus of ensuring that modules are secure. Is it the original module creator? If a project is open source, some argue that because these contributions are created out of sheer goodwill for the betterment of the community, the burden of ensuring their security falls upon those using them. Others say that it is the responsibility of module creators to code in such a way that their module is as secure as it can be from the start.

On today’s episode of The New Stack Makers, TNS Founder Alex Williams spoke with Snyk CEO Guy Podjarny and CEO of Trace by RisingStack Gergely Nemeth during the Node.js Interactive conference to discuss the ways that security should be addressed not only within the Node.js community, but also across the larger open source ecosystem as a whole.
