►
From YouTube: Making 'npm install' Safe
Description
AD:
Level-up on the software skills most in-demand at QCon San Francisco Software Development Conference on Oct 24-28, 2022.
Uncover emerging software trends and practices to solve your complex engineering challenges, without the product pitches.
QCon San Francisco brings together the world's most innovative senior software engineers, architects and team leads across multiple domains to share their real-world implementation of emerging trends and practices.
Save your spot now: https://bit.ly/3MA2tgN
-------------------------------------------------------------------------------------------------------
Video with transcript included: http://bit.ly/2YZNEMp
Kate Sills talks about some of the security issues using NPM packages, the EventStream incident that created a security breach in a package, and Realms and SES (Secure ECMAScript) as possible solutions to NPM package security vulnerabilities.
This presentation was recorded at QCon New York 2019: http://bit.ly/2KFk7SO
The next QCon is QCon London 2020 – March 2-4, 2020: http://bit.ly/2VfRldq
For more awesome presentations on innovator and early adopter topics check InfoQ’s selection of talks from conferences worldwide https://bit.ly/2tm9loz
#JavaScript #Security #NPM
A
Hi
everyone
I'm
so
excited
to
be
here.
This
is
my
first
cute
con
and
today,
I
want
to
talk
about
making
NPM
install
safe
code.
Has
power.
There's
this
great
quote
from
the
structure
and
interpretation
of
computer
programs,
and
it
says
in
effect
we
conjure
the
spirits
of
the
computer
with
our
spells.
A
We
conjure
the
spirits
of
the
computer
with
our
spells.
So
as
programmers,
we
have
tremendous
power
and
this
power
can
be
used
for
good
and
it
can
be
used
for
evil
code
can
read
our
files.
It
can
delete
our
files,
it
can
send
all
of
our
data
over
the
network.
It
can
steal
our
identity
drain,
our
bank
account
and
much
more.
A
My
name
is
Kate
sills
and
I
work
for
a
start-up
called
the
goreck
and
there's
two
things
that
you
should
know
about.
A
gorrik
number
one
we're
building
a
smart
contract
framework
that
we
hope
can
handle
millions
of
assets
or
millions
of
dollars
in
assets
and
number
two
we're
doing
it
in
JavaScript.
So
this
probably
sounds
like
a
terrible
idea
and
we'll
talk
about
how
we're
able
to
do
that.
But
first
can
I
get
a
show
of
hands
who
primarily
is
a
JavaScript
developer?
A
So
categoric
we're
at
this
intersection
of
cryptocurrencies
and
third-party
JavaScript
code.
We
use
a
lot
of
JavaScript
packages
and
it
turns
out
that
this
intersection
is
just
really
an
A+
target
for
attackers.
It's
just
really
kind
of
like
a
Italian
chef,
kissing
fingers
type
of
situation.
So
what
exactly
is
going
on
here
so
NPM?
They
have
some
great
stats.
They
say
that
there's
over
1.3
billion
downloads
of
NPM
packages
on
an
average
Tuesday.
So
that's
a
lot
of
downloads
and
JavaScript.
Has
this
rich
culture
of
code
Reeves?
So
here's
some
more
stats
from
NPM.
A
There
are
over
800,000
packages
and
NPM,
making
it
the
largest
open
source
code
repository
in
the
world
and
the
average
modern
web
application
has
over
1,000
dependencies.
So
if
we
look
at
something
like
create,
react
app,
which
is
supposedly
bundling
together
all
of
the
dependencies
that
you
need
as
a
beginning,
react
developer
that
has
over
1,700
dependencies.
So
so,
there's
a
lot
of
code
reuse
going
on
here.
A
Npm
has
this
great
quote:
they
say
that
97%
of
the
code
in
a
modern
web
application
comes
from
NPM
and
an
individual
developer
is
responsible
only
for
the
final
3%
that
makes
their
application
useful
and
unique.
We
can
think
of
all
the
time
that's
saved
by
not
having
to
reinvent
the
wheel.
That's
hundreds
of
millions
of
coding,
hours,
saved
and
I
think
this
is
a
really
beautiful
example
of
the
kind
of
cooperation
that
humankind
is
capable
of.
We
should
be
proud.
Npm
should
be
proud
of
everything
that
they've
accomplished.
A
We
have
this
rich
civilization
of
code.
We
have
specialization,
we
have
experts,
we
don't
have
to
build
everything
ourselves
and
as
long
as
we
can
rely
on
all
of
these
package
developers
to
be
good
people
we're
fine,
but
not
everyone
is
good.
Not
everyone
is
good.
All
the
time
and
people
make
mistakes.
A
What
happens
when
it
goes
bad
well
using
other
people's
code
is
risky
and
it's
risky
because
basically,
whatever
a
package
we
install
can
do
whatever
it
wants.
There
are
no
restrictions
and
we
may
not
find
out
what
happens
until
it's
too
late,
so
in
real
life.
We
also
have
this
rich
ecosystem
right.
We're
able
to
buy
and
use
the
things
that
other
people
create.
A
We
don't
have
to
grow
our
own
food
or
sew
our
own
clothes,
but
imagine
if
everything
that
you
bought
all
of
the
interactions
that
you
had
throughout
the
day
that
coffee
that
you
bought
at
the
airport.
Imagine
if
that
had
the
power
to
completely
take
over
your
life.
That
would
be
ridiculous.
It'd
be
absurd,
but
that's
a
situation
that
we're
in
right
now
with
JavaScript
packages.
We
can't
safely
interact
with
the
things
that
other
people
have
made
without
it
potentially
ruining
us.
A
So
let's
look
at
how
authority
works
in
nodejs
and
I'm
gonna
focus
on
node.js
for
a
bit
here
and
by
Authority
I
mean
the
ability
to
do
things
so
Authority
in
node
comes
through
imports
through
these
two
require
and
it
comes
through
global
variables,
and
it
turns
out
that
anyone
or
anything
can
import
modules,
especially
the
node
built-in
modules,
and
they
can
use
global
variables
and
the
effects
of
this
use.
It's
often
opaque
to
the
user,
so
there's
no
notification
that
says
alert
alert.
A
Your
files
are
being
sent
over
the
network,
it's
all
opaque
to
the
user,
and
imports
can
happen
in
dependencies.
That
are
many
levels
deep,
and
this
means
that
all
packages
are
potentially
risky.
So
something
that
seems
like
it's
doing
something
simple
and
confined
could
have
malicious
code.
That's
actually
doing
a
lot
more
and
node
provides
no
mechanisms
to
prevent
this
kind
of
access.
A
So
to
illustrate
this,
let's
imagine
that
we're
building
a
web
application
and
we
want
to
add
a
little
excitement.
So
let's
say
we
install
this
package.
Add
excitement
that
just
takes
in
a
string
and
it
adds
a
exclamation
point
to
it.
So
if
this
notation
isn't
familiar,
that's
just
a
template
literal.
So
it's
adding
an
exclamation
point
to
a
string.
Okay,
so
our
Hello
turns
into
hello-
and
you
know
so.
This
is
very
simple
right.
A
It's
just
string
manipulation,
but
it
turns
out
that
add
excitement
could
actually
be
written
like
this,
so
we
have
the
same
functionality,
we're
adding
an
exclamation
point
to
a
string.
So
from
the
users
perspective,
we
get
the
same
effects.
Hello
gives
us
hello,
but
we
are
also
importing
the
file
system.
A
So
this
code
is
simplified
a
little
bit,
but
I
think
you
can
see
what's
going
on
here,
just
through
access
to
FS
and
access
to
HTTPS
any
attacker
through
the
installation
of
any
package
could
be
able
to
read
all
of
our
data
and
send
all
of
it
over
the
network.
So
in
the
cryptocurrency
world,
where
we're
dealing
with
Bitcoin
wallets
that
have
private
keys,
this
is
a
big
deal.
This
is
a
problem.
A
Let's
go
over
the
steps
to
read
any
file,
so
all
we
have
to
do
is
we
have
to
get
the
user
or
another
package
to
install
our
package
then
step
two.
We
have
to
import
the
node
built
in
module,
FS
step
three,
we
have
to
know,
or
we
can
guess
the
file
path
and
there
are
no
penalties
for
guessing
and
that's
it.
That's
all
we
have
to
that's
all
we
have
to
do
so.
A
When
we
look
at
this,
we
see
that
all
we
had
to
do.
We
just
had
the
import
FS
and
then
we
were
able
to
read
the
file
and
send
it
over
the
network,
and
this
actually
is
a
pattern
of
attacks.
So
you
might
have
heard
of
the
event
stream
incident
that
happened
last
November
and
what
happened
there
was
that
there
was
an
open
source,
JavaScript
developer,
Dominic
Tarr,
who
had
over
a
hundred
open
source
packages
that
he
was
maintaining.
A
So
a
volunteer
came
up
to
him
and
said
you
know
what
I
would
really
like
to
take
over
the
event
stream
package.
I'll.
Take
that
off
your
hands
and
Dominic
Chara
said
great,
but
it
sounds
great,
so
this
volunteer
made
some
changes
and
he
actually
added
a
malicious
dependency
and
that
malicious
dependency
to
the
event
stream
package.
A
It
targeted
a
specific
cryptocurrency
wallet
and
what
it
did
was
that
it
tried
to
take
the
Bitcoin
private
keys,
send
it
over
the
network,
exfiltrate
them
and
ultimately
steal
Bitcoin,
and
we
saw
this
this
pattern
again
just
this
month.
So
this
also
the
electron
native
notify
package.
It
also
had
a
malicious
dependency
that
tried
to
target
cryptocurrency
wallets
it
added
a
malicious
package
as
a
dependency,
and
it
required
access
to
the
file
system
and
the
network,
so
NPM
was
able
to
stop
this
attack.
A
Luckily,
but
I'm
sure
there
are
many
attacks
like
this,
that
we're
gonna
see
in
the
future
that
if
we
don't
do
something
to
prevent
it,
we're
gonna
see
this
pattern
again
and
again.
What
are
the
solutions?
Well,
one
of
the
solutions
is
to
write
everything
yourself
and
believe
it
or
not,
there's.
Actually,
there
are
actually
companies
out
there
that
are
doing
just
this
in
the
cryptocurrency
world
because
the
stakes
are
so
high,
so
they
are
writing
everything
themselves.
A
This
is
a
real
solution,
but
obviously
it's
not
a
very
good
one,
and
it's
not
very
practical
for
all
of
us
here.
It's
not
very
scalable.
If
I
had
to
write
everything
myself,
I
would
not
get
very
much
done
and
we
would
lose
the
millions
of
coding
hours
that
we've
saved
by
reusing
other
people's
code.
So
I
don't
think
this
is
a
a
practical
solution.
Another
solution
that
people
have
proposed
is
pain,
open-source
maintainer.
So
at
least
there's
someone
responsible
for
the
security
of
the
package.
A
I
think
this
is
a
good
solution,
I'm
not
against
it.
But
you
know.
Even
when
someone
is
paid
to
maintain
a
package,
they
still
may
be
compromised
people
make
mistakes.
I
think
we
will
still
see
that
that
this
attack
will
happen,
even
if
we
have
people
who
are
responsible
for
the
security
of
the
packages
and
then.
Lastly,
the
solution
that
people
recommend
its
code,
audits
and
code
audits
are
great,
but
they're
not
a
panacea.
They
don't
solve
everything
and
there
are
things
that
code
audits
miss.
So
here's
some
code,
courtesy
of
David
Gilbertson.
A
Does
anyone
know
what
this
code
does
any
guesses?
Okay?
So
what
this
code
is
actually
doing?
It's
doing
a
fetch.
It's
doing
a
window,
dot
fetch.
So
this
is
accessing
the
network,
but
if
we
were
doing
a
code
review,
we
would
probably
never
guess
that
so
how
it's
able
to
do
this
is
that
Const
I
is
actually
fetch,
shifted
over
one
character,
yeah
and
then
self
is
an
alias
for
a
window.
A
A
If
we
go
back
to
the
steps
to
read
any
file,
we
see
that
a
lot
of
these
solutions,
they're
focused
on
number
one.
They
want
us
to
only
install
packages
that
we
trust
and
they
want
us
to
be
able
to
trust
the
open
source
code,
maintained,
errs
and
I.
Think
this
is
admirable
and
I
don't
I,
don't
want
to
stop
people
from
doing
this,
but
I
think
what
we
should
really
be
focusing
on
is
step
number
two
and
step
number
three.
A
So
what
would
happen
if
the
malicious
code
tries
to
import
FS
and
it
just
can't,
or
it
knows
the
file
path?
That
knows
the
file
name,
but
it
can't
use
it.
It
just
can't
access
those
files,
there's
a
great
quote
from
Alan
Karp.
That
kind
of
goes
towards
this
point.
He
says
the
mistake
isn't
asking:
how
can
we
prevent
attacks
when
we
should
be
asking?
How
can
we
limit
the
damage
that
can
be
done
when
an
attack
succeeds?
The
former
assumes
infallibility.
A
The
latter
recognizes
that
building
systems
is
a
human
process,
so
if
we
were
actually
able
to
focus
on
preventing
the
import
of
SF
xr/e
FS
and
making
sure
that
even
if
someone
does
know
the
file
path
or
they
can
guess
the
file
path,
but
it's
of
no
use
to
them.
How
would
we
do
that?
What
we
actually
need
is
code,
isolation,
and
it
turns
out
through
an
accident
of
history.
Javascript
is
especially
good
at
code.
A
Isolation
javascript
has
a
clear
separation
between
pure
computation
and
access
to
the
outside
world,
and
if
we
severed
that
connection
to
the
outside
world,
we
can
actually
get
rid
of
a
lot
of
the
harmful
effects,
and
this
is
not
true
of
other
languages.
If
you
look
at
something
like
Java,
it
doesn't
have
this
clear
separation
so
actually,
as
JavaScript
developers,
we're
actually
in
a
really
really
good
place
here.
A
For
being
able
to
do
this
code,
isolation
in
JavaScript,
we
already
have
the
concept
of
a
realm,
so
each
web
page
is
its
own
realm
and
JavaScript
that
executes
sin.
One
would
pick
one
web
page
can't
effects
JavaScript
that
executes
sin
another.
So
a
ROM
is
roughly
the
environment
in
which
code
gets
executed
and
it
consists
of
objects
that
must
exist
before
code
starts
running.
So
these
are
objects
like
object,
object,
prototype
array,
dot,
prototype
push
things
like
that,
and
it
also
consists
of
a
global
object
and
global
scope.
A
So
this
was
the
concept
behind
a
tc39
standards
proposal
called
realms.
What
if
we
could
actually
create
these
realms
without
the
overhead
of
the
iframe
without
the
DOM,
and
what,
if
we
could
do
it
in
a
very
lightweight
and
easy
way?
So
creating
a
new
realm
creates
a
new
set
of
these
primordial.
These
objects
that
we
get
at
the
start
of
our
code
running
as
well
as
a
new
global
object
and
global
scope,
and
a
realm
is
an
almost
perfect
sandbox.
Whatever
code
is
isolated
in
a
realm
is
isolated
from
the
rest
of
the
world.
A
A
Now
the
roms
API
allows
us
to
create
another
type
of
Rome
known
as
a
featherweight
compartment
and
basically,
rather
than
duplicating
all
of
the
primordial
so
array
prototype.
That
sort
of
thing
sorry
array
object
prototype
that
sort
of
thing
a
featherweight
compartment
I
just
shares
them,
and
this
makes
the
compartment
much
much
lighter.
A
So,
like
I
said,
this
is
a
proposal
before
a
tc39
which
is
the
JavaScript
Standards
Committee,
it's
at
stage
two.
So
this
is
the
stage
at
which
it's
still
a
draft,
so
we're
looking
for
input
on
the
syntax
and
the
semantics,
and
things
like
that
and
we're
hoping
to
push
it
forward
so
that
it
actually
gets
put
into
the
JavaScript
language
itself.
A
A
Okay,
so
we've
string
a
fied
it.
Let's
just
evaluate
it,
to
see
what
happens
so
that
that
actually
worked
fine.
It
was
just
that
the
attacker
URL
wasn't
defined,
but
that
attack
succeeded
now
if
we
use
realm
and
we
make
a
compartment
and
then
we
evaluate
that
code
in
that
compartment.
Well,
it
turns
out
that
self.window,
all
of
those
things
they're
just
not
defined
so
that
fetch
it
just
doesn't
work.
A
There
we
go
all
right
so
so
we
have
these
featherweight
compartments
and
we're
sharing
these
primordial
x',
but
we
still
have
a
problem
because
we're
sharing
these
primordial
x'
and
there's
a
thing
called
prototype
poisoning
and
what
prototype
poisoning
does
is
that
it
actually
resets
these.
These
objects
that
we
get
these
primordial
x'
and
it
sets
them
to
other
values.
So
here's
an
example
of
an
attack.
Our
attacker
is
taking
an
array,
dot,
prototype
dot
map
and
it's
actually
setting
it
to
something
else
and
it's
saving
the
original
functionality.
A
Using
sus
is
very
easy:
it's
a
package
right
now,
so
you
can
do
NPM
install
sets
and
then
you
just
require
it.
I
you
say,
makes
us
root
realm,
and
then
you
evaluate
the
code.
Now
you
might
have
noticed
in
the
the
video
that
I
showed
that
you
actually
have
to
stringify
it
the
code.
So
this
is
a
developer
ergonomics
issue
that
we're
still
working
out,
but
you
do
have
to
stringify
anything
that
you
want
to
try
to
evaluate
in
the
safe
way.
A
A
Well,
there's
this
thing
called
Pola
and
Pola
stands
for
the
principle
of
least
Authority.
You
may
have
also
heard
this
as
the
principle
of
least
privilege,
but
Paula
doesn't
sound
as
great,
so
we're
gonna
stick
with
Pola
and
what
Pola
means
is
that
we
should
grant
only
the
authority
that
is
needed
and
no
more
so.
We
should
eliminate
ambient
and
excess
authority.
A
What
is
no
ambient
Authority
mean
so
ambient
Authority
is
easy
access
without
any
specific
grants.
So,
in
our
example,
with
the
add
excitement
package
that
we
installed,
we
saw
the
access
to
FS
and
access
to
HTTPS
because
they
were
built
in
note
modules.
We
didn't
have
to
ask
anyone,
the
attacker
could
just
say
import
or
require,
and
it
got
that
Authority.
So
that's
an
example
of
ambient
Authority.
A
We
also
should
not
have
excess
authority,
so
in
that
example,
in
the
add
excitement
example,
it
didn't
need
any
authority
at
all
right,
so
it
was
taking
in
a
string
and
it
was
returning
a
string.
It
didn't
need
access
to
anything,
but
it
had
access
to
the
file
system
in
the
network.
So
if
we
were
to
actually
rewrite
this
under
Pola,
it
wouldn't
have
the
authority
to
do
any
of
that.
A
A
So
here's
an
example
of
how
you
might
use
it.
I
thought
it
was
very
simple
and
pretty
stupid,
but
I.
Let's
say:
first,
we
want
to
add
it
to
do
pay
bills,
and
then
we
want
to
add
another
to
do.
Do
laundry
and
we
add
a
third
to
do
pack
fork
Yukon,
and
this
is
priority
high,
because
it's
really
important
and
when
we're
able
to
display
it
and
when
we
display
it
through
chalk,
we
see,
we
have
pay
bills.
Do
laundry
and
pack
freak
Yukon
is
in
red
because
it's
really
important.
A
If
we
analyze
the
authority,
things
get
a
little
interesting.
So
our
simple
commands
line
to
do
app.
It
needs
to
use
FS
right.
It
needs
to
use
the
file
system
because
it's
it's
saving
to
the
file
it's
reading
from
the
file.
That
makes
sense.
It
also
uses
minimus
like
I,
said
and
minimus
just
takes
in
arguments.
So
that's
it's
pretty
much
a
pure
function.
It
doesn't
need
a
lot
of
Authority
chalk.
A
On
the
other
hand,
does
something
really
interesting-
and
this
is
a
very
widely
used
NPM
package
it
uses
a
package
supports
color
and
supports
color
needs
to
use
process
and
it
needs
to
use
OS
and
processes.
A
global
variable
provided
by
node
OS
is
one
of
the
built-in
node
modules
when
these
are
both
a
little
dangerous.
So
let's
look
at
that,
so
if
you
have
access
to
process,
then
you
can
call
process
kill
and
you
can.
You
can
kill
any
process
that
you
know
the
process
idea
and
you
can
send
various
signals
as
well.
A
So
so
that
sounds
great.
This,
the
simple
package-
that's
just
supposed
to
you-
know,
turn
the
color
of
our
logs
to
green
this.
It's
able
to
do
this
if
we
have
access
to
OS
we're
also
able
to
set
the
priority
of
any
process.
So
all
we
need
to
do
is
just
know
the
process
ID
and
we
can
set
the
priority.
So
this
is
this
is
crazy,
but
this
is.
This
is
how
the
javascript
package
ecosystem
works.
Right
now
is
that
things
that
we
think
are
really
simple
can
be
doing
all
of
these
things.
A
So
if
we
want
to
enforce
Pola,
then
we're
going
to
need
to
attenuate
access
and
we
want
to
attenuate
access
in
two
ways.
We
want
to
attenuate
our
own
access
to
FS
and
we
want
to
attenuate
chalks
access
to
OS
and
process
to
attenuate
our
own
access
to
FS.
Let's
first
create
a
function
that
just
checks
the
file
name,
and
if
it's
not
the
file
that
we
expect,
if
it's
not
the
to-do
app
path,
then
we'll
throw
an
error.
That's
pretty
simple
and
we'll
use
this
function
when
we
actually
attenuate
FS.
A
So
this
is
a
pattern
that
you'll
see
again
and
again
in
this
kind
of
attenuation
practice,
and
what
it's
doing
is
that
it's
taking
the
original
FS
from
note-
and
it's
saying
you
know
what
we
don't.
Actually
we
don't
need
the
whole
FS.
What
we
actually
need
is
a
pinned
file
and
we
need
to
create
read
stream,
and
we
only
need
those
two
things
and
not
only
do
we
only
need
those
two
things.
We
only
need
them
for
this
one
file.
So
what
we're
able
to
do
is
we're
able
to
create
a
new
object.
A
We
harden
it
easing
sess.
That
means
that
it's
frozen,
it
can't
be
modified
and
it
only
has
two
methods:
it
has
a
pin
file
and
it
has
create
read
stream
and
within
those
methods
it
checks
for
the
file
name.
It
checks
to
see
if
it's
what
we
expect
and
then,
if
it's
not,
it
throws
an
error.
So
this
is
an
attenuation
pattern
that
we're
actually
able
to
use
on
our
own
access
to
FS.
You
might
ask:
why
do
we
actually
want
to
restrict
our
own
access?
That
seems
crazy.
A
A
How
do
we
attenuate
chalks
access
to
OS
and
process?
Well,
first,
let's
solve
the
ambient
authority
issue.
So
instead
of
chalk
or
supports
color
just
being
to
import
OS
and
use
process,
let's
actually
pass
those
in.
Let's
make
it
a
functional,
a
functional
design
here.
So,
let's
change
chalk
to
take
in
osm
process
and
let's
change
supports
color
to
take
in
OS
and
process,
and
it
turns
out
that
chalk
only
needs
OS.
This
really
powerful
package.
It
only
needs
OS
to
know
the
release
and
releases
just
a
string
that
returns.
A
It
returns
a
string
identifying
the
operating
system
release
and
the
reason
why
it
does.
This
is
because
there's
a
certain
color
of
blue
I
guess
that,
like
doesn't
show
up
well
on
certain
windows
computers.
So
this
is
that's
the
only
reason
why
it
needs
this
authority.
So
that
means
that
we
can
actually
attenuate
this
and
we
can
reduce
it
down
to
a
much
smaller
authority.
We
can
say
we
can
say
that
we're
going
to
attenuate
OS,
we
take
the
original
OS
module
and
we
create
a
new
object
that
just
gives
that
strength.
A
We
can
do
the
same
thing
to
process,
but
it
does
need
a
bit
more
of
process.
So
we
see
the
same
pattern.
We
provide
it
with
Inge
with
platform
with
versions
and
so
forth,
but
there's
something
else
interesting
that
we
can
do
here.
We
can.
Actually.
We
can
lie
we,
don't
we
don't
have
to
tell
it
the
truth
all
right,
so
we
can
say
that
our
platform,
I'm
running
out
I,
have
a
Mac
right
now
we
can
say
that
our
platform
is
actually
when
32
and
this
dependency
won't
know
the
difference
right.
A
So,
if
you've
liked
these
patterns,
if
you've
liked
the
attenuation
and
the
virtualization,
you
might
really
like
a
programming
paradigm
known
as
object
capabilities,
and
the
main
message
in
object
capabilities
is
that
we
don't
separate
designation
from
Authority.
So
it's
a
it's
an
access
control
model
that
is
not
identity
based.
You
can
kind
of
think
of
object
capabilities
as
kind
of
a
key
versus
having
a
list
of
people
who
are
approved
to
do
certain
things.
A
So
it's
kind
of
like
a
car
key
and
what's
really
great
about
object
capabilities
is
that
it
makes
it
very
easy
for
us
to
enforce
Pola
and
to
do
it
in
creative
ways
we
can
own.
We
can
give
just
the
authority
that
we
need
to
people.
We
don't
have
to
have
complicated
permission
lists.
We
can
just
do
it
with
objects,
and
it
also
makes
it
really
easy
to
reason
about
Authority,
because
it
turns
out
that
the
reference
graph,
what
things
have
accessed
you
is
the
graph
of
Authority.
A
So
we
can
see
if
this
actually
has
no
access
to
this.
It
doesn't
have
that
authority,
we're
protected
from
that.
So
if
you're
interested
in
more
on
object
capabilities,
there's
a
there's,
this
great
post
by
Chip
Morningstar
at
habitat,
chronicles
comm
I,
really
encourage
you
to
check
it
out,
but
object
capabilities.
Allow
us
to
do
some
really
cool
things
in
enforcing
Pola.
I
want
to
go
over
house.
S
is
used
today.
A
So
first
moddable
mountable
is
a
company
that
does
javascript
for
the
internet
of
things,
and
so
this
is
things
like
your
Whirlpool.
Washing
machine
might
have
JavaScript
running
on
it
and
they
have
an
engine
excess.
It's
the
only
complete
Atma
scripts
2018
engine
optimized
for
embedded
devices
and
they're
the
first
engine
to
implement
SAS
or
secure
Atmos,
and
what's
really
cool
about
this.
Is
that
because
they
have
the
security
because
they
have
this
code
isolation,
they
can
actually
allow
users
to
safely
install
apps
written
in
JavaScript
on
their
IOT
devices.
A
So
you
can
imagine
you
have
you
know
your
oven,
your
washer,
your
your
light
bulb
and
you're
able
to
control
all
of
those
things
with
code
that
you
write
and
the
manufacturer
can
let
you
do
that,
because
it's
safe
because
they've
isolated
your
coat
and
it
can
only
do
certain
things
like
make
the
light
change
color.
So
that's
really
cool!
That's
really
exciting!
A
Another
company
that
has
been
using
realms
and
cest
is
known
as
meta
mask
meta
mask
is
one
of
the
main
etherium
wallets,
and
what
they're
able
to
do
is
that
they're
able
to
allow
you
to
run
aetherium
apps
without
having
to
run
an
aetherium
full
node
and
they
actually
have
over
200,000
JavaScript
dependencies.
So
you
can.
You
can
tell
that
they're
very
eager
to
be
able
to
isolate
this
third-party
code
and
make
this
safe.
A
A
Lastly
salesforce,
who
has
been
one
of
the
primary
co-authors
of
realms
since
s
they're
using
cess
right
now
in
their
locker
service.
So
this
is
an
ecosystem
of
over
5
million
developers
and
their
locker
service
is
a
plugin
platform,
so
you
can
create
third-party
apps
people
can
install
them
in
salesforce,
and
so
it's
really
really
important
to
them.
Since
this
handles
a
lot
of
people's
business
data
that
these
third
parties
apps
are
so
they're
using
a
version
of
this
right
now
in
locker
service.
A
Now,
I
want
to
be
clear
about
the
limitations.
So,
like
I
said,
this
is
a
work
in
progress.
We're
still
solidifying
the
API
we're
still
working
on
performance.
There
are
definitely
developer
ergonomics
issues
like
I
mentioned.
You
actually
have
to
stringify
the
modules
to
be
able
to
use
them
right
now,
so
we're
working
on
fixing
that
and
it's
still
stage
2
in
the
tc39
process.
A
So
what
that
means
is
that
cess
is
able
to
provide
nearly
perfect
code
isolation,
it's
scalable
it's
resilient.
It
doesn't
depend
on
trust,
it
doesn't
depend
on
us,
trusting
these
open-source
developers
and
it
enables
object
capability
patterns
like
attenuation.
That
I
think
are
very
powerful
but,
most
importantly,
it
allows
us
to
safely
interact
with
other
people's
code
and
we
can
use
your
help.
A
So
here
are
the
three
repos
that,
if
you're
interested
you
can
look
at
theirs
proposal
realms
at
tc39,
there's
the
realm
shim
at
agaric
and
seda
gorrik,
and
please
take
a
look
at
these
things
play
around
with
them.
We
would
appreciate
and
love
your
comments,
your
pull
requests.
All
of
that
we
could
definitely
use
your
help.
So
thank
you.
So
much
I
really
appreciate
the
invitation
to
be
here
and
I'm
open
to
your
questions.
Thank
you.
B
Yeah
so
with
like
content,
security
policy,
like
report
only
I
can
say:
okay
here
are
places
where
you
know
I
set
up
policy,
but
we're
asking
for
something:
that's
beyond
and
that's
gonna
trigger,
potentially
problems
down
the
road
is
there
anything
with
with
SEFs
where
I
could
say.
Okay,
here
are
the
things
that
are
requesting
file
system
or
we're
not
yeah.
A
So
so,
if
I
understand
the
question,
it's
is
there
any
way
with
sus
that
we
can.
We
can
kind
of
record
the
intention
or
what
we're
allowing
things
to
do.
Is
that
right?
Yes,
so
so,
yes,
it's
still
a
work
in
progress,
but
people
have
been
building
tools
to
be
able
to
do
that.
So
there
is
a
tool
called
tofu
or
trust
it
on
first
use
and
what
it
actually
does
is.
A
It
creates
a
declarative,
manifest
of
all
of
the
authorities
that
all
of
the
packages
that
you're
using
actually
use
so
when
something
uses
FS,
it
says
you
know
this.
This
package
uses
FS,
so
it's
kind
of
like
a
package
lock
JSON
or
something
like
that,
and
you
can
see
where,
if
a
package
does
all
of
a
sudden
requests
more
authority
well,
first
of
all,
it
won't
get
it
like
it's
restricted
only
to
what's
declared
in
the
file.
A
But
if
you
do
want
to
try
to
grant
it
that
authority,
then
that
actually,
if
you're,
if
you're
doing
a
pull
request
or
something
like
that,
that'll
show
up,
and
if
and
you
can
say
now
you
know
hold
on-
do
we
really
want
the
simple
string
function
to
have
access
to
this
this
and
this
so
so
people
are
working
on
that
it's
still
work-in-progress.
But
if
you
google
assess
tofu,
it
should
come
up.
A
It's
a
great
questions.
First,
the
question
was:
how
is
this
different
than
object?
Freeze
so
object
dot.
Freeze
it
only
freezes
that
particular
object
and
it
doesn't
go
so
javascript
has
prototypal
inheritance
and
it
doesn't
go
up
the
prototype
chain
to
actually
freeze
any
of
the
primordial
Zoar.
The
prototypes
and
things
like
that.
So
when
we
see
prototype
poisoning
when
we
do
object,
dot
freeze,
it
doesn't
actually
prevent
that.
So
what
you
need
to
do
is
you
need
transitive
freezing.
B
I
know
yeah,
you
talked
about
the
shock
package
and
that
we
could
prevent
access
to.
It's
always
start
release
by
just
virtually
telling
it
that
you're
on
win32
or
something.
But
how
do
I
know
that?
That's
the
only
thing
that
it
needs
the
OS
package
for
without
going
through
the
core,
and
then
would
that
mean
that
I
need
to
analyze
entire
code
of
all
the
packages
that
I'm
importing
right.
A
Right,
so
the
question
was:
how
do
I
know
the
authorities
that
the
packages
are
using
and
do
I
have
to
go
through
all
of
the
code
in
that
package,
or
is
there
a
simpler
way
that
I
can
do
that?
So
so
we're
still
kind
of
developing
the
patterns
of
use
for
these
kinds
of
tools,
but
I
think
this
goes
back
to
the
tofu
tool
that
has
been
built.
So
let's
say
that
that
you
don't
actually
want
to
spend
any
time
on
security
whatsoever.
A
A
Oh
s,
dot
release,
so
something
like
tofu,
something
that
creates
this
kind
of
declarative,
manifest
based
on
the
authority
that
you're
able
to
that
your
packages
are
using
would
actually
be
able
to
attenuate
it
to
that
point
automatically,
which
is
great,
but
the
other
thing
that
you
can
do
if
you
want
to
try
to
really
attenuate
things
further,
is
that
you
can
just
you
can
just
try
running
it
in
complete
isolation
and
see
what
fails
so.
So
it's
not
a
perfect
solution.
It'll
take
some
time
you
may
have
to
rewrite
the
module.
A
B
Hey
so
I'm,
not
a
JavaScript
developer
as
well,
but
I
have
this
amazing
question
so
when
you
said
like
the
three
things
that
we
can
do
to
like,
you
know
prevent
malicious
code
from
running
on
our
machine.
One
was
like
to
write
code
ourselves,
otherwise
to
pair
maintain
or
to
maintain
or
third
is
to
limit
for
missions
so
like
with
NPM
how
we
do
NPM
install
and
add
a
dependency
and
wrong
like
other
language
tags
like,
for
example,
Python.
B
A
So
that's
a
great
question.
The
question
was
we
hear
a
lot
about
problems
with
NPM
install,
but
there
are
other
languages
that
have
other
package
managers
and
why
don't
we
hear
about
attacks
that
go
through
them?
Why
don't
we
hear
about
that?
So
I
think
it's
a
number
of
things.
The
first
thing
is
that
those
those
languages
and
those
package
managers
they
are
not
protected,
so
they
still
have
problems.
They
haven't
actually
solved
the
problem,
and,
what's
more,
is
that,
given
the
language,
it
may
actually
be
harder
to
achieve
this
kind
of
code
isolation.
A
So
I
mentioned
Java,
for
instance,
it
doesn't
have
this
clear
separation
of
pure
computation
and
outside
effects,
so
it
can
actually
be
harder
to
achieve
that
kind
of
code.
Isolation,
but
I
think
the
reason
why
we
hear
about
it
so
much
in
the
news
why
we
hear
about
npm
install'
attacks,
so
much
is
that
javascript
is
so
widely
used.
It's
the
most
widely
used
language
and
it
has
this
culture
of
creating
really
tiny
packages
and
creating
a
lot
of
them.
A
B
B
Want
to
respond
to
that
question
for
Java
Java
doc
actually
does
have
protections
on
the
type
which
is
one
of
the
large
binary
repositories,
monitors,
maven,
central
and
large
feeder
repositories.
It's
part
of
their
business
model
to
do
it
for
certain
customers
and
that
winds
up
protecting
the
ecosystem.
So
while
they
can't
protect
it
from
getting
into
the
repository,
they
can
protect
it
from
spreading
very
quickly.
I
do
not
work
for
sonnet
site,
but
it's
a
nice
benefit.
Thank.
A
B
Do
you
think
that
the
security
kind
of
will
be
pushed
to
like
the
package?
Maintainer
is
to
be
able
to
say
my
package
requires
only
these
few
things
and
you
can
see
that
when
you're
installing
or
do
you
think
it'll
be
on
the
consumer
to
say
these
are
the
only
things
I
want
to
allow
like
kind
of
like
a
secure,
Linux
kind
of
a
thing,
or
you
think
it
can
be
a
combination
of
both
going
forward.
A
So
I
actually
think
it'll
be
both
and
I.
Think
that
there's
this
quote
that
says,
like
you
know:
I'm
gonna
butcher
it.
But
it's
someone
who
can
look
into
the
future
and
see
you
know
see
cars
and
all
those
things
you
know
that's
great,
but
someone
who
can
see
into
the
future
and
see
traffic,
then
they're,
really
looking
ahead
and
I.
Think
I
think
you're
really
looking
ahead
here.
A
So
I
think
that
the
package
maintainer
there's
gonna,
be
this
burden
on
the
package,
maintainer
x',
to
explain
the
authorities
that
they're
using
and
it's
gonna
be
seen
as
really
sloppy.
Really,
you
know
just
just
really
gross
to
be
doing
something
simple
and
to
be
using
all
of
these
authorities
and
and
allowing
that
kind
of
access
the
ambient
and
excess
authority
that
I
was
talking
about
so
I
think
I.
A
Think
we're
gonna
see
a
programming
practice
come
to
pass
where,
if
you're
not
doing
this
kind
of
attenuation,
if
you're
not
being
careful
about
the
authorities
that
you're
using
then
you're
gonna
be
a
bad
developer
and
I
think
that's
gonna
be
driven
by
usage.
So
we
could
imagine
a
world
in
which
NPM
kind
of
highlights
what
kind
of
authorities
are
being
used
and
if
you
have
a
choice
between
two
packages
as
a
user
and
one
of
them
takes
all
of
these
authorities
and
another
doesn't
well
you're
gonna
choose
the
one.
A
B
B
A
B
A
So
the
question
was
so:
JavaScript
has
added
class
2
to
the
JavaScript
standard
recently
and
does
that
help
with
code
security?
So
it's
funny
that
you
should
mention
that
our
chief
scientist,
Ida
gorg,
who
is
previously
at
Google
Mark
Miller,
is
on
the
tc39
Standards
Committee
and
a
Gorkhas
is
part
of
the
tc39
Standards
Committee
and
Mark
really
hates
class
for
some
reason
and
I'm
not
exactly
sure
why?