Slides 1-2

A path towards securing every module

Slide 3

Let's talk about these folks

Slide 4

No content

Slides 5-6

Better cultural reference

Slide 7

No content

Slide 8

You are probably thinking: "How do I security?"

Slides 9-10

Science Cat says: "Good question"

Slide 11

No content

Slides 12-13

Sort of like... TRON? He fights for the user, right?

Slide 14

No content

Slide 15

It turns out.... it is quite complicated

Slides 16-17

First off.... disclose responsibly!

Slide 18

No content

Slide 19

Like to the good folks at the Node Security Project

Slide 20

No content

Slide 21

The question is: how do we find them?

Slide 22

No content

Slide 23

I led an academic research study last year

Slides 24-26

Show your alma mater some love. And yes, we wrote a formal research paper and everything.

Slide 27

No content

Slides 28-29

Academic HCI is a little silly. Why do Likert scales have a name?

Slide 30

No content

Slide 31

Please tell me about your research study

Slide 32

Like all research, we asked a question

Slide 33

How do module authors answer questions about their communities?

Slide 34

No content

Slide 35

A small group of eight prolific module authors

Slides 36-38

The feedback mechanisms (used most, infrequently, most effective): GitHub issues, write a blog post, Twitter discussions, email a mailing list. But how do we answer a question like this?

Slide 39

By using (image), of course

Slide 40

(image) represents a multi-dimensional graph

Slide 41

No content

Slides 42-43

I am from New York, and so is (image)

Slides 44-45

No content

Slides 46-47

(image) was always about (image)

Slides 48-51

But I am also an engineer. Graphs rule everything around me. Dolla dolla bill y'all.

Slide 52

No content

Slide 53

Not these kinds of graphs

Slides 54-59

(figure: several example graphs with nodes A to H, some with numbered or weighted edges)

These kinds of graphs. All of these graphs are different, of course: undirected, directed, weighted, trees, bipartite. Used for transportation networks, information networks, molecular chemistry, wireless networks, Major League Baseball, dependency management.

Dependency graphs? Sounds complicated for my tastes. I don't know.

Slides 60-61

Hipster Cat says: "Actually, it's not so bad"

Slides 62-66

With a package.json file:

    {
      "name": "pkg-a",
      "dependencies": {
        "pkg-b": "~1.0.4",
        "pkg-c": "~2.1.3"
      },
      "devDependencies": {
        "pkg-d": "~3.1.2"
      },
      "main": "./index.js"
    }

(figure: graph with nodes na, nb, nc, nd built from this file)

Now imagine this for 100,000+ packages!

Slide 67

These talks are all already online with videos

Slides 68-69

Dr. Emmett Octocat says: "You've got to come back with me. Back to GitHub!"

indexzero/npm-codependencies
indexzero/npm-comp-stat-www
indexzero/npm-static-stats
indexzero/npm-pipeline

Slide 70

What other questions can we ask from the graph?

Slide 71

No content

Slide 72

Whether you know it or not, you probably ask these questions every day

Slide 73

npm outdated is a pure graph question

Slide 74

Also: what other modules do people who depend on X depend on?

Slide 75

Also: is this module used more in production or in development?

Slide 76

What is the "most stable" version of this module?

Slide 77

Other questions need to be answered with static analysis

Slide 78

How often do other modules use a particular method?

Slide 79

Can my app be upgraded to use version X.Y.Z safely?

Slide 80

No content

Slide 81

So, getting back to security questions

Slide 82

How many modules are vulnerable to Shellshock?

Slide 83

How many of these modules have unsafe regular expressions?

Slide 84

Which modules eval untrusted user input?
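The package.json graph of slides 62-66 and the graph questions of slides 73-76 and 82-84 worked in code, as an added example that is not from the talk or the indexzero repositories; only pkg-a's manifest comes from the slide, while pkg-b through pkg-e and their version ranges are constructed here.

```javascript
// Added example (not from the talk): the package.json dependency graph from the slides.
// pkg-a's manifest is the slide's; the other four manifests are constructed sample input.
const packages = [
  { name: "pkg-a", dependencies: { "pkg-b": "~1.0.4", "pkg-c": "~2.1.3" }, devDependencies: { "pkg-d": "~3.1.2" } },
  { name: "pkg-b", dependencies: { "pkg-c": "~2.0.0" } },
  { name: "pkg-c" },
  { name: "pkg-d", dependencies: { "pkg-c": "~2.1.0" }, devDependencies: { "pkg-b": "~1.0.0" } },
  { name: "pkg-e", devDependencies: { "pkg-a": "~0.1.0" } },
];

// Directed, labelled edges: dependent -> dependency, kind is "prod" or "dev".
function buildGraph(pkgs) {
  const edges = [];
  for (const p of pkgs) {
    for (const [to, range] of Object.entries(p.dependencies || {}))
      edges.push({ from: p.name, to, kind: "prod", range });
    for (const [to, range] of Object.entries(p.devDependencies || {}))
      edges.push({ from: p.name, to, kind: "dev", range });
  }
  return edges;
}

// "Who depends on X?": direct dependents of a module, sorted for stable output.
function dependentsOf(edges, name) {
  return [...new Set(edges.filter(e => e.to === name).map(e => e.from))].sort();
}

// "Is this module used more in production or in development?": count inbound edges by kind.
function usage(edges, name) {
  const inbound = edges.filter(e => e.to === name);
  return { prod: inbound.filter(e => e.kind === "prod").length,
           dev: inbound.filter(e => e.kind === "dev").length };
}

// "How many modules are affected by a vulnerable module?": every module that reaches it
// through the graph, via breadth-first search over dependents (the graph half of the
// question; deciding which module is vulnerable is the static-analysis half).
function affectedBy(edges, vulnerable) {
  const seen = new Set();
  const queue = [vulnerable];
  while (queue.length) {
    for (const d of dependentsOf(edges, queue.shift())) {
      if (!seen.has(d)) { seen.add(d); queue.push(d); }
    }
  }
  return [...seen].sort();
}
const graph = buildGraph(packages);
console.log(dependentsOf(graph, "pkg-c"), usage(graph, "pkg-b"), affectedBy(graph, "pkg-c"));
```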

Slides 85-87

But it is incredibly compute intensive, which is to say pretty $@ slow

Slide 88

No content

Slide 89

npm outdated is really fast. That's how you can use it every day.

Slides 90-91

Yo dawg, I heard you like npm. By using (image), of course, along with a data pipeline.

Slides 92-93

(figure: data pipeline: download & untar, then AST computation, then dependency graph)

The set of modules and the specific analysis work changes, but the data pipeline stays the same, making it highly parallelizable.

Slide 94

esprima + recast + npm + data pipeline = npm-pipeline

Slide 95

No content

Slide 96

A generic module and generic work to perform

Slide 97

Analysis time down from tens of minutes to tens of seconds

Slide 98

What other questions do you have for the graph?

Slide 99

Thanks. {github, twitter}.com/indexzero [email protected]