Ghosts in the Machine: Tampering with the JavaScript Supply Chain | ConFoo February 2026 скачать в хорошем качестве

Ghosts in the Machine: Tampering with the JavaScript Supply Chain | ConFoo February 2026

What if the code you’re shipping isn’t yours anymore? The scariest JavaScript bugs don’t always come from your team, they come from open-source packages that have been possessed. This talk digs deep into the dark world of supply chain tampering: what it looks like, how it happens, and what modern devs can do to protect themselves. We’ll talk tamper detection, package provenance, lockfile integrity, and even how to set up GitHub Actions to ward off malevolent merges. Come for the security, stay for the stories of cursed commits. 💬 Let us know your thoughts and questions in the comments below. 🔎 Learn More About TuxCare: https://social.tuxcare.com/learnmore 🗞️ Sign Up for Our Expert-Curated Newsletters: https://tuxcare.com/newsletter/?utm_c... 🤝 Connect With Us: Twitter:   / tuxcare_   LinkedIn:   / tuxcare   Facebook:   / tuxcare   Instagram:   / tuxcare   YouTube:    / @tuxcare   📺 Subscribe to our channel for more Open Source and Cybersecurity news and insights. 👍 If you found this video helpful, please like and share it. 🔔 Turn on notifications to stay updated with our latest uploads. 📬 For business inquiries: https://tuxcare.com/ask-us-a-question... 🏷️ #TuxCare #SysAdmin #Patching #Cybersecurity #Linux #OpenSource