Before you import another person's library or install a new package, be wary of the dependencies it pulls in with it, and of the security issues those dependencies can carry. A package being open source does not mean it is secure; it only means you are able to inspect it.
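As an added example (not code from the Treehouse course), the following Node.js script makes that advice concrete. It runs an offline vetting pass over the dependencies a project is about to install and flags three signals this page's reading list touches on: a name that is one typo away from a popular package (the maliciously named package case), a package that runs a lifecycle script at install time, and a version spec that is not pinned (so a later publish, or a package disappearing as with left-pad, changes what you get). The popular-package list, the dependency map and the package manifests are all constructed for the example.

```javascript
// Added example: a minimal offline dependency vetting pass.
// All package names, version specs and manifests below are constructed.

// Assumption: a short allow-list stands in for a real popularity list
// (for instance the top of the npm download charts).
const POPULAR_PACKAGES = ["lodash", "express", "request", "left-pad", "chalk"];

// Lifecycle scripts that npm runs during `npm install`, with your privileges.
const INSTALL_HOOKS = ["preinstall", "install", "postinstall", "prepare"];

// Standard Levenshtein edit distance (single rolling row).
function editDistance(a, b) {
  const prev = Array.from({ length: b.length + 1 }, (_, j) => j);
  for (let i = 1; i <= a.length; i++) {
    let diag = prev[0];      // d[i-1][j-1]
    prev[0] = i;
    for (let j = 1; j <= b.length; j++) {
      const above = prev[j]; // d[i-1][j]
      const cost = a[i - 1] === b[j - 1] ? 0 : 1;
      prev[j] = Math.min(above + 1, prev[j - 1] + 1, diag + cost);
      diag = above;
    }
  }
  return prev[b.length];
}

// A version spec counts as pinned only when it is an exact x.y.z.
function isPinned(spec) {
  return /^\d+\.\d+\.\d+$/.test(spec);
}

// dependencies: the consuming project's "dependencies" map (name -> spec).
// manifests: name -> that package's own package.json contents, as you would
// fetch them from the registry before installing.
function vetDependencies(dependencies, manifests, popular = POPULAR_PACKAGES) {
  const findings = [];
  for (const [name, spec] of Object.entries(dependencies)) {
    // 1. Typosquatting: close to a well-known name but not an exact match.
    for (const known of popular) {
      if (name !== known && editDistance(name, known) <= 1) {
        findings.push({ name, risk: "typosquat", detail: `one edit away from "${known}"` });
      }
    }
    // 2. Install-time scripts: arbitrary code runs before you ever import it.
    const scripts = (manifests[name] && manifests[name].scripts) || {};
    for (const hook of INSTALL_HOOKS) {
      if (hook in scripts) {
        findings.push({ name, risk: "install-script", detail: `${hook}: ${scripts[hook]}` });
      }
    }
    // 3. Unpinned version: the resolved package can change between installs.
    if (!isPinned(spec)) {
      findings.push({ name, risk: "unpinned", detail: `version spec "${spec}"` });
    }
  }
  return findings;
}

// Constructed sample input: one clean package, one package that trips all
// three checks, and one with only a harmless "test" script.
const SAMPLE_DEPENDENCIES = {
  "lodash": "4.17.21",
  "expres": "^4.0.0",      // one edit from "express"
  "fancy-colors": "1.2.0",
};
const SAMPLE_MANIFESTS = {
  "lodash": { name: "lodash", version: "4.17.21", scripts: {} },
  "expres": { name: "expres", version: "4.0.1", scripts: { postinstall: "node setup.js" } },
  "fancy-colors": { name: "fancy-colors", version: "1.2.0", scripts: { test: "mocha" } },
};

function runSample() {
  return vetDependencies(SAMPLE_DEPENDENCIES, SAMPLE_MANIFESTS);
}

for (const f of runSample()) {
  console.log(`${f.name}: ${f.risk} (${f.detail})`);
}
```

On the sample, only `expres` is reported, once for each check. A real run would replace the hard-coded popular list with a downloaded one, fetch each manifest with `npm view <name> --json`, and treat any finding as a reason to read the package before adding it, not as proof that it is malicious; edit distance 1 also catches legitimate forks, so the typosquat check is a prompt to look, not a verdict.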
New Terms
Pen Test (Penetration Test): a test used to evaluate the security of computer systems. A methodical approach is required to maintain both the integrity of the results and the stability of the systems being tested. Read more from the SANS Resources.
Red Team Testing, or Red Teaming: a process designed to detect network and system vulnerabilities and test security by taking an attacker-like approach to system, network and data access. The process is also called "ethical hacking", since its ultimate purpose is to improve security. Ethical hacking is an "art" in the sense that the "artist" must possess the skills and knowledge of a potential attacker (to imitate an attack) as well as the resources to mitigate the vulnerabilities an attacker would use. Read more at SANS.
Further Reading:
- Left-Pad: How one developer just broke Node, Babel and thousands of projects in 11 lines of JavaScript, by Chris Williams
- Maliciously named packages: A Malicious Module on NPM, by Adam Baldwin
Trusting 3rd-party libraries on Treehouse:
- Treehouse Video: How to Find and Choose Packages, by Andrew Chalkley
- Treehouse Blog: Evaluating a Package for your Project: The Good, the Bad, and the Ugly
- BlendConf: Ain't No Party Like A Third-Party JS Party, by Rebecca Murphy
Other reading about trusting 3rd-party libraries: