Loading…
November 19-21 2024
Napa, California
View More Details & Registration
Note: The schedule is subject to change.

The Sched app allows you to build your schedule but is not a substitute for your event registration. You must be registered for the event to participate in the sessions. If you have not registered but would like to join us, please go to the event registration page to purchase a registration.

This schedule is automatically displayed in Pacific Daylight Time (UTC/GMT -8). To see the schedule in your preferred timezone, please select from the drop-down menu to the right, above "Filter by Date."

IMPORTANT NOTE: Timing of sessions and room locations are subject to change.

Tuesday November 19, 2024 12:15pm - 12:45pm PST
Open Source projects in the JS ecosystem that are typically directly depended on are widely known: React, Babel, TypeScript, Vue, node.js, etc. These projects are affirmatively chosen by millions of humans. They get the lion's share of the (wildly insufficient) amount of available funds, contributions, sponsorships, and contributors.

What about the proverbial xkcd 2347 maintainers? Typically transitive dependencies, who are affirmatively selected by a mere dozens of humans, but whose code runs on hundreds of millions of developer machines, and serves billions of users? These projects are unknown, unsung, underfunded, and under-considered. Virtually every impactful security incident in the npm ecosystem has been due to a transitive dependency maintainer either going rogue, having their account taken over, or handing over the reins to an unvetted contributor - what levers can we apply to support these people's stability and vigilance?

As a prolific maintainer of almost entirely this category of package, Jordan Harband will offer his perspective on what proactive steps companies, governments, and individuals can take to improve this reality.
Speakers
avatar for Jordan Harband

Jordan Harband

Principal Open Source Architect, HeroDevs
Jordan Harband is an Open Source maintainer, primarily in JavaScript, and a Principal Open Source Architect at HeroDevs. He maintains many open source projects: see https://npmjs.com/~ljharb and https://github.com/ljharb, participates in TC39 (the JS language specification committee... Read More →
Tuesday November 19, 2024 12:15pm - 12:45pm PST
Silverado East
  Sustainability & Innovation in Open Source
Feedback form is now closed.

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Share Modal

Share this link via

Or copy link