Security News
Application Security
Sarah Gooding
February 6, 2024
Socket CEO Feross Aboukhadijeh was recently a guest on the CyberBytes podcast with host Steffan Foley where they discussed open source software and common mistakes companies make when it comes to supply chain security.
Feross highlighted the pressure developers face to ship features rapidly, often without full awareness of the open source code they are utilizing. Security teams don’t want to impede developers moving fast but at the same time are struggling with the challenge of securing massive dependency trees, which are frequently made up of thousands and thousands of dependencies — source code that almost nobody reads.
The inspiration for Socket came from Feross’ experience creating the Wormhole app with more than 1,000 dependencies. He interviewed more than 40 CISOs about how they vet their open source dependencies for supply chain attacks and found that most were still tethered to traditional SCA tools that only catch known vulnerabilities. It’s for this reason Socket was designed to drill down into the code of each dependency and analyze it for malicious behavior.
This podcast episode explores the hacker mindset and the complex problem of protecting against threat actors who are naturally inclined to poke at systems. Open source security is currently experiencing a major platform shift towards a more proactive approach, as companies can no longer afford to be obsessed with vulnerabilities to the exclusion of supply chain attacks.
Check out the episode on Spotify or watch the video on YouTube.