Securing Third-Party Code: Using Open Source Packages Without Compromising Security

Modern web development is full of open source code on both the server and the client. While great, this large and growing use of dependencies also represents a risk. What do you know about the packages used in your code? Do its authors understand and care about security? Does it have known vulnerabilities? Could it accidentally expose private data? Can we be certain its authors are malicious or compromised?

This practical guide shows you how to use open source code without compromising security. Chock full of data, tools, and best practices to help you control risk and enjoy the open source productivity boost responsibly.