Sveriges mest populära poddar

Why NPM v12 won’t stop supply chain attacks

39 min•12 juni 2026

In this podcast episode, James Wilson is joined by Open Source Malware Security co-founder Paul McCarty to talk about the supply chain attack mitigations coming in NPM v12.

NPM disabling (by default) auto-run install scripts and dynamic dependencies is a positive step forward… but it’ll take years for this new version to be adopted, and these changes do nothing to prevent malicious packages being imported into projects.

Further, Paul thinks disabling these features by default will introduce friction that will cause them to be re-enabled. When the choice is “this builds” and “this is less prone to malware”, the former will always win.

Show notes

Fler avsnitt av Risky Business Features

Pitching security startups to VCs in the AI era

23 juni•35 min

How using open weight models can blow up in your face

19 juni•43 min

The state of the art in AI model jailbreaks

16 juni•53 min

Everything is getting much worse, much faster

5 juni•23 min

Solo podcast: A deep dive on TeamPCP

2 juni•1 tim 4 min

How to survive supply chain attacks

25 maj•37 min

How the CopyFail disclosure went sideways

21 maj•19 min

NCSC’s Ollie Whitehouse on surviving the "bugpocalypse"

18 maj•29 min

What a great agentic AI deployment plan looks like

12 maj•40 min

Mythos smythos! How to find 0day with lesser models

8 maj•1 tim 28 min

Risky Business Features med Risky Business Media finns tillgänglig på flera plattformar. Informationen på denna sida kommer från offentliga podd-flöden.