Today, almost all software heavily relies on the use of third-party dependencies. While open source modules are undoubtedly awesome, they also represent an undeniable and massive risk. You’re introducing someone else’s code into your system, often with little or no scrutiny. Including the wrong package can introduce severe vulnerabilities, exposing your application and your user’s data.
We’ll look at examples in the wild that have been exposed, some more famously than others, before showing you how to guard against these important security issues.