524: Package Security with Feross Aboukhadijeh from Socket

Feross Aboukhadijeh talks with us about web security, what Socket aims to help with, how Socket compares to Dependabot or Snyk, how they analyze all the data for Socket, and what developers should be thinking about with regard to security in their apps.

Feross Aboukhadijeh

Founder + CEO of Socket Security, Stanford lecturer, open source at WebTorrent and StandardJS.

Time Jump Links

  • 01:40 Guest introduction
  • 03:30 Is Socket for JavaScript only or other languages as well?
  • 07:05 Issues with open source
  • 14:18 Sponsor: Reflect
  • 15:47 What Socket can check for in packages
  • 17:56 How do you get started with Socket?
  • 22:49 How much should developers care about security?
  • 30:09 Packages gathering telemetry
  • 32:22 How does Socket compare to Dependabot or Snyk?
  • 34:28 Sponsor: Notion
  • 36:43 Where does Socket live in my workflow?
  • 41:01 Can I run npm without scripts that autorun?
  • 42:49 What do you teach at Stanford?
  • 51:24 What do you think of typed languages?
  • 55:04 How do you analyze all the data?
  • 56:52 What did you write Socket in?

Episode Sponsors 🧡