Being a penetration tester for years and answering such a wild topic is next level for me :), but this guy makes everything feel forget about it :)
@saikatmukherjee6962
2 years ago
This Video is Only Expected from Hitesh Sir, Love the way U teach 👏 🙌 One stop Solution to Everything Hitesh Choudhary
@HiteshCodeLab
2 years ago
Thanks 😁
@kapilkumar-rk8fe
2 years ago
@HiteshCodeLab could you tell me the name of the song, I like that
@Akira-sh7ts
2 years ago
@kapilkumar-rk8fe ++
@subhamadhikari
2 years ago
The way you deliver information has evolved and I wasn't expecting this way. Anyway liked it ❤
@codenamegrant
2 years ago
This was incredible. Thanks. Gonna look at some of your courses now.
@shaikmansoor1868
2 years ago
Now I understood why all of our team were running behind updating ua-parser-js version in our project last week...
@HiteshCodeLab
2 years ago
Now you know it. 🙂
@sagniksaha4179
2 years ago
Really an important video. I also use a lot of npm packages and I think we should always know about their security
@HiteshCodeLab
2 years ago
Absolutely
@strikerftw8729
2 years ago
Angular & React Developers left the chat 😂
@KRoc
2 years ago
Maybe a Vericode scan could be included and if passing, append a '.vta' (vericode tested & approved) extension to the end of the version. And have the ability in the package.json to only pull in libraries with the .vta extension? Probably some issues with this, but I'd be more confident if I knew the libraries were scanned.
@dhanushholla9221
2 years ago
💯🔥spicy video 😂+informative .. hacker Hitesh 🤣
@futureprogress
2 years ago
Yeah, learning about these NPM exploits made me decide to use a VM for all local development. The other issue is NPM security warnings in CLI feel useless right now.
@futureprogress
2 years ago
@Contact From what I understand, WSL does minimize the attack surface but is still less secure than a full VM
@mrvaibh0
2 years ago
1:12 please tell about this... who writes these papers? what actually it contains? and how to be a part of it? (as a developer) please help through
@NithinKVarrier
2 years ago
Card on the desk. Security 😜
@HiteshCodeLab
2 years ago
Hahaha, that’s a dummy card to test
@komal6816
2 years ago
Cute how you brought about your suggestion of subscribing to your channel 😀
@arieheinrich3457
2 years ago
Similar to half a year or more ago with a different heavily used public library, with the difference that the owner of the library wanted to move the maintainer role to someone else as he couldn't continue, and the person he gave the trust to had malicious intent, so no hacking of the npm publishing profile was made. ANY dependencies, they don't have to be npm, are a double-edged sword: they make it easier to create software but require huge amounts of trust that is sometimes misplaced. It doesn't have to be ill-intentioned people; just read about the left-pad incident to understand the level of trust we're dealing with
@kuku687
2 years ago
Very informative, thanks Hitesh for this.
@avgaming7317
2 years ago
Truly said 👏 💯
@arjayarjay8856
2 years ago
Thanks for sharing the news
@ganeshtak4445
2 years ago
These attacks are happening because Microsoft has an offer of a 25k $ prize pool for anybody who finds a vulnerability in the npm package; one of my friends is also doing this.
@AmitK
2 years ago
Hitesh, I like your metallic t-shirt, I was trying to find it, please tell me where did you get it, it seems pretty lightweight
@raviyadav2552
2 years ago
This gives me chills
@ajayantu
2 years ago
Sir, I have taken your MERN course.. do I need the full backend course?
@solutionstack6413
2 years ago
If this happens in the future, how do we fix things in our package? Just npm install 🤔?
@bhargavpandya9189
2 years ago
This is scary AF!
@robertwalker2446
2 years ago
I like how our security advisor Hitesh leaves his visa card on the desk while filming. Intentional? :P
@krishnachaitanya8194
2 years ago
Just curious to know why don't we have security in place before pushing any package just like the app store which accepts only if everything is fine? If it is because so many packages per day then if security comes in place authors will also be mindful in publishing as it takes time to get published.
@harshitagupta189
2 years ago
You came up with spicy information video not just spicy video 😅..
@robokishan
2 years ago
There is a debit card on your desk? The logo looks like that of an HDFC Bank Visa card
@elamandeep
2 years ago
Your thumbnail is awesome
@HiteshCodeLab
2 years ago
Thanks 🙂
@karanparmar4318
2 years ago
Can you explain what the `npm audit fix` command does in brief?
@vatsalyasinghi438
2 years ago
Can't comprehend what sort of havoc would be caused if such attacks happen to libraries like moment js, lodash or rxjs .. holy shit 😅
@shobhithap799
2 years ago
Hi Hitesh, can you make a video on how to write test cases in React JS
@abhishekchaudhary8965
2 years ago
This is so spicy 🔥😍😍
@Meckdenis
2 years ago
That's why DENO came into the picture
@deepa5254
2 years ago
Hi Hitesh sir. Can you make a tutorial on apache wicket framework? Or can you provide any material please?? Thanks
@peacefrog1938
2 years ago
Guess i'll use yarn
@saeedtalib8358
2 years ago
It was getting hacked by day one No matter people like us got it now
@UdayKumar-xr2me
2 years ago
Please make a course on web app security. It would be very helpful to a lot many.
@mohammedrihan839
2 years ago
Do you have any full stack web development course?
@akitibala7180
2 years ago
Tools like Snyk might help with this
@mohammedrihan839
2 years ago
Do this course for back end web development?
@saurabhsrivastav3012
2 years ago
Do it all, we're first, we're first
@jsdepth
2 years ago
Make a video on Remix framework
@secureitmania
2 years ago
Dependency Confusion attacked
@Akira-sh7ts
2 years ago
Outro song ?
@UdayKumar-xr2me
2 years ago
Need to have verified tag for packages.. and hash verification of packages can be done
@sandeep87raju
2 years ago
Thanks Hitesh for the informative video. I wish no hacker is able to get data of your hdfc visa card that is kept on the table. 😁
@oneito947
2 years ago
deno tries to solve that
@ashwinir5110
2 years ago
Please make videos on application security
@imkir4n
2 years ago
I always think about these
@JobinSelvanose
2 years ago
atm card on the desk 😅😁
@gouravkumarnath6476
2 years ago
I hope this is there in backend development course
@abhisheksanjaygawade1479
2 years ago
Is Django a solution for npm
@rishiraj9131
2 years ago
🙏 Good day
@dheerajnagar9742
2 years ago
Before writing "first", please refresh your comment box...
@hypergraphic
2 years ago
I’m seriously thinking of making a new git repo just for dependencies that have been audited and adding it as a sub module where needed. It’s definitely going to make me think really hard about adding a new dependency.
@StayAware9
2 years ago
Your credit card is kept on the table. Cropped the image and cleared it using one of the ML tools; the card number and expiry date are exposed by you. You should care more about your security than NPM's
@ManishJangir
2 years ago
Unfortunately we also became the victim of this hijacking. Our private npm registry cached that package within those 20 mins before NPM itself actually removed the compromised versions.
@chinmayhotshot
2 years ago
OTP before uploading
@adeshmahatme1988
2 years ago
your card sir
@anirudhcodes
2 years ago
npm install security
@errorcode0101
2 years ago
You are from spin the hack
@Munna_007
2 years ago
U need Urdu language Nd u see growth channel
@BhuveshDhiman
2 years ago
😀
@martinmachua
2 years ago
You have an npm crash course,😂 and npm has been crashed already!!
@Ahmad-qy8ze
2 years ago
love from Pakistan
@user-bu6pf4dd6y
2 years ago
Fastest confirmation 🔝👍 believe me no one ☝️ does it better than this , best and fast
@yashpandey350
2 years ago
666k subs😜😜😜😜😜
@vikassrivastava6017
2 years ago
🥈
@khizrshaikh9902
2 years ago
First
@dheerajnagar9742
2 years ago
The new way.... To hack😁
@Ghulatz
2 years ago
By machines,
Comments: 84