and as one of the great partners of @nodehub_web3 #nodesummit

3. Is this OSS attack method (including social engineering maintainers) totally unexpected? No, this is not an unexpected attack - many folks in the industry have been talking about the risk of open source maintainer burn out for years. There’s a commonly shared xkcd cartoon (called "Dependency") people use to describe this vulnerability all the time. I even gave a talk in 2018 at the @NodeSummit about how social engineering could be used to target open source security maintainers, gain trust, and infiltrate libraries with vulnerabilities in exactly the way it was used by this attacker. What is surprising here are the potential lengths the attacker went to over the course of multiple years to develop enough trust to pull this attack off.

@NodeSummit is still my favorite conf ever

@NodeSummit again 🙏

I miss NodeSummit too. There was such great energy, learning, and friendship.

bring @NodeSummit back!

I really like what @heroku did at the last NodeSummit conference - instead of plain old swag, they gave out pre-filled credit cards of $5 each that you can spend them on @opencollect and by that support the open source projects that you care about. Very thoughtful of them ❤️

Thanks! What a fantastic event!

@NodeSummit If you decide to host more node Summits, for the love of Nod(e), please use @webflow instead of WordPress

I met @rohitcolinrao at @NodeSummit in San Francisco where he attended a workshop with @jasnell and myself. Due to some bad luck, he is now homeless. Let’s help him getting back on his feet: gofundme.com/f/homeless-due-…

The first picture was from @ISACANews WCISC Winnipeg event where @Comey and I were the 2 keynotes. The big height difference made for interesting photos! Next is my keynote at @NodeSummit. Then we have photo by @stokfredrik during my @securityfest keynote, then @SAINTCON keynote!

I can't explain how I'm feeling right now, this was my first international talk in the Node Global Summit, and I'm very very veeeery happyyyyy! thanks @GeekleOfficial for the opportunity and to all my friends of the brazilian tech communities! #NodeGS #node #nodeSummit

Thank yoooooou <3

Interesting library shared by @ShaneeRadz github.com/mondaycom/node-ex… in async hooks talk 🚀 #nodesummit

Dude this whole thread is so wholesome I’m reading it for like the fifth time

That is really awesome. I started the Node course on Codecademy but was struggling. After looking through this thread, I’m excited to get to it again!

It was really great to meet you there! hopefully we will meet again on another event!

My favourite video about node 💯

It's what basically every other Node logger library trained people to do

whoah, like in-process :o ?