
DSC Germany

Protecting my Node.js Project of Dependency Confusion Attacks

with Juan Picado


Having a private registry as part of a stack is becoming a popular trend because of the benefits it brings to your organization. But a misconfigured registry can open the door to malicious individuals. This talk is about how to secure a Node.js project against dependency confusion and other possible attacks, using a Verdaccio registry as a proof of concept.


Application Security
Open Source
Secure Development
Security Transformation
Threat Modeling

Juan Picado

Senior Front-End Engineer at eBay Classifieds Group

About Juan Picado

Senior Front-End Engineer at eBay Classifieds Group based in Berlin, building front-ends for classifieds like Kijiji Autos in Canada. He is a passionate JavaScript engineer, contributes to open source almost every day and is the lead maintainer of Verdaccio (mostly in his spare time). His goal is to help the Node.js ecosystem to keep a free and open private registry accessible for all developers.
