Exploits & Supply Chain
Understand package.json, dependency versioning, npm exploits, and how to defend your project.
7 lessons in this module
1. Understanding package.json and Dependency Versioning
   How the version ranges in package.json decide what actually gets installed; semantic versioning and lockfiles.
2. Anatomy of npm Exploits — Real-World Attacks
   Real-world npm exploits, supply chain attacks, and how attackers compromise packages.
3. Defending Your Project — npm Security Best Practices
   Lockfiles, npm audit, 2FA, and secure CI/CD practices.
4. Security Tooling — Scanners, Auditors, and Automated Defense
   npm audit, Snyk, Socket, Trivy, and SBOMs.
5. Build Your Own npm Vulnerability Scanner
   Hands-on: building a simple vulnerability scanner.
6. Containerized Development and Testing with Docker
   Secure Docker images, multi-stage builds, and scanning containers.
7. Incident Response and Putting It All Together
   Responding to supply chain incidents and hardening your workflow.
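Lessons 1 and 5 rest on the same mechanics: a range in package.json is a promise to accept future versions, and only the lockfile turns that promise into a pinned, hash-verified install. The script below is an added example, not course material or any real tool: it classifies each declared range (exact, tilde, caret, wildcard, dist-tag, git/URL), applies npm's caret rule for 0.x versions, and checks whether package-lock.json pins the dependency inside its range with an integrity hash. The manifest, lockfile, package names and hashes are constructed for the example and describe no real project.

```javascript
// Added example: audit package.json ranges against a lockfile. Offline; all data is constructed.

// Constructed sample package.json (hypothetical packages and versions).
const SAMPLE_PACKAGE_JSON = {
  name: "sample-app",
  dependencies: {
    "left-pad":  "1.3.0",                   // exact pin
    "lodash":    "^4.17.21",                // caret: any 4.x.y >= 4.17.21
    "express":   "~4.18.2",                 // tilde: any 4.18.y >= 4.18.2
    "tiny-util": "^0.2.3",                  // caret below 1.0.0: only 0.2.y >= 0.2.3
    "chalk":     "*",                       // wildcard: any published version
    "debug":     "latest",                  // dist-tag: whatever is tagged next
    "some-lib":  "github:example/some-lib", // git dependency, no registry tarball
  },
};

// Constructed sample package-lock.json (lockfileVersion 3 layout; hashes are placeholders).
const SAMPLE_LOCKFILE = {
  lockfileVersion: 3,
  packages: {
    "node_modules/left-pad":  { version: "1.3.0",   integrity: "sha512-AAAA" },
    "node_modules/lodash":    { version: "4.17.21", integrity: "sha512-BBBB" },
    "node_modules/express":   { version: "4.19.0",  integrity: "sha512-CCCC" }, // outside ~4.18.2
    "node_modules/tiny-util": { version: "0.2.5",   integrity: "sha512-DDDD" },
    "node_modules/chalk":     { version: "5.3.0" },                              // no integrity hash
    // "debug" is deliberately absent: a fresh install would resolve it from the registry
    "node_modules/some-lib":  { version: "1.0.0", resolved: "git+ssh://git@github.com/example/some-lib.git#abc123" },
  },
};

const EXACT = /^v?(\d+)\.(\d+)\.(\d+)$/;

// "1.2.3" -> [1, 2, 3]; null for anything that is not a plain version.
function parseVersion(v) {
  const m = EXACT.exec(String(v).trim());
  return m ? m.slice(1, 4).map(Number) : null;
}

// Classify a package.json range. Complex ranges (>=, ||, hyphen) are reported as "other".
function classifyRange(range) {
  const r = String(range).trim();
  if (r === "latest") return { kind: "dist-tag", base: null };
  if (r === "" || r === "*" || r === "x") return { kind: "wildcard", base: null };
  if (/^(git\+|github:|https?:|file:)/.test(r)) return { kind: "git-or-url", base: null };
  if (r[0] === "^" || r[0] === "~") {
    const base = parseVersion(r.slice(1));
    if (base) return { kind: r[0] === "^" ? "caret" : "tilde", base };
  }
  const exact = parseVersion(r);
  return exact ? { kind: "exact", base: exact } : { kind: "other", base: null };
}

function cmp(a, b) {
  for (let i = 0; i < 3; i++) if (a[i] !== b[i]) return a[i] - b[i];
  return 0;
}

// Does a pinned version fall inside the declared range? Mirrors npm's rules for exact,
// tilde and caret: caret freezes the first non-zero component, so ^0.2.3 allows only 0.2.y.
// Returns null when the range kind cannot be evaluated here.
function satisfies(kind, base, version) {
  if (kind === "wildcard" || kind === "dist-tag") return true;
  if (!base || !version) return null;
  if (cmp(version, base) < 0) return false;
  if (kind === "exact") return cmp(version, base) === 0;
  if (kind === "tilde") return version[0] === base[0] && version[1] === base[1];
  if (base[0] !== 0) return version[0] === base[0];
  if (base[1] !== 0) return version[0] === 0 && version[1] === base[1];
  return cmp(version, base) === 0;
}

const RISK = { exact: "low", tilde: "medium", caret: "medium", other: "medium",
               wildcard: "high", "dist-tag": "high", "git-or-url": "high" };

// One finding per dependency: range kind, risk, locked version, and concrete problems.
function auditManifest(pkg, lock) {
  const deps = { ...(pkg.dependencies || {}), ...(pkg.devDependencies || {}) };
  const packages = (lock && lock.packages) || {};
  return Object.entries(deps).map(([name, range]) => {
    const { kind, base } = classifyRange(range);
    const entry = packages[`node_modules/${name}`];
    const problems = [];
    if (!entry) {
      problems.push("not in lockfile: install resolves it fresh from the registry");
    } else {
      const gitPinned = typeof entry.resolved === "string" && entry.resolved.startsWith("git+");
      if (!entry.integrity && !gitPinned) problems.push("no integrity hash: tarball is not verified on install");
      if (satisfies(kind, base, parseVersion(entry.version)) === false) {
        problems.push(`lock pins ${entry.version}, outside declared range ${range}`);
      }
    }
    return { name, range, kind, risk: RISK[kind], lockedVersion: entry ? entry.version : null, problems };
  });
}

for (const f of auditManifest(SAMPLE_PACKAGE_JSON, SAMPLE_LOCKFILE)) {
  console.log(`${f.name.padEnd(10)} ${f.kind.padEnd(10)} risk=${f.risk.padEnd(6)} locked=${f.lockedVersion}`, f.problems);
}
```

The express and chalk findings are the ones to look at first in a real repository: a lockfile entry outside its declared range means someone edited one file without the other, and a missing integrity hash means `npm ci` will trust whatever tarball the registry returns.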