[QCon 2019] Making npm install safe

Kate SIlls @kate_sills

For other QCon blog posts, see QCon live blog table of contents


  • Building financial software in JavaScript
  • 97% of code in a modern web app comes from npm

Security issues

  • All packages are risky
  • Imports and global variables
  • Effects opaque
  • Can be from dependency many levels deep


  • Event stream package (11/28/18)
  • Electron native notify package (6/4/19)
  • Can call node built it modules to read a file and send it over the network
  • Targetted cryptocurrency

Options for solution

  • Write everything yourself – not scalable
  • Pay open source maintainers so someone responsible for security – people make mistakes. Even people who are paid can compromise a system
  • Code audits – don’t see everything, Hard to find clever 

Other approach

  • Preventing attacks requires infallability
  • Better to look for ways to limit damage
  • For example, would be better of if can’t import fs
  • JavaScript is good at code isolation. Clear separation between pure computation and connection to outside world

Realms – draft proposal

  • Want to be able to create realm without overhead of an iframe
  • Featherweight compartment – shares primordials/context
  • There is a realm shim now
  • Self/window not defined in the compartment

Attack – prototype poisoning

  • Save copy of original function
  • Do something bad first and then call original function so it looks right
  • SES (Secure ECMAScript)  – realms + transitive freezing/hardening
  • Can’t change prototype behavior with SES
  • npm install ses
  • SES.makeSESRootRealm()


  • Principle of least authority
  • Same as principle of least privilege
  • Reasonable to want to access file system. Can attenuate (reduce the impact of) access by wrapping fs with check for correct file name. (Not clear how prevents using original fs). Method harden protects
  • The chalk package needs process/OS access to change color
  • But can kill process and change priority of process with that access
  • Want to limit access to just what needed
  • Chalk only needs OS to get the release. Can attenuate so just have that one function to return release string.
  • Object capabilities – http://habitatchronicles.com/2017/05/what-are-capabilities/

Moddable XS

  • Only completed ECMA Script 2018 engine optimized for embedded device
  • Contains SES
  • Safe for users to install JS apps
  • Can only do specific things
  • Can add own app to washing machine

Metamask’s Sesify

  • Ethereum wallet
  • Can run Ethereum apps in browser without running full Ethereum node

Salesforce’s Locker Service

  • One of primary co-authors of Realms and SES
  • Plugin platform

Caveats for Realms

  • Work in progress
  • Have to stringify to use
  • Still in draft


  • What if add something bad? https://ocapjs.org/t/tofu-trusted-on-first-use-tool/27 Putting something bad in wrapper would show up in diff/code review.
  • How SES different than Object.freeze? Object.freeze only freezes that instance and doesn’t go up prototype chainĀ 
  • How know what functions/authorities need to provide to packages? Still developing patterns of use. For now might be trial and error. Might need changes to module.
  • Why don’t we hear about npm install attacks in other languages? Still have problems. Java can’t protect [I raised my hand and described how Sonatype helps protect Maven Central]. Worse on JavaScript because lots of tiny packages. Visibility will help in future.
  • Will this be bolted on to web frameworks? Hasn’t yet, but hope will happen.

My impressions

While I was aware of the problem, the solution (or future solution) is really interesting! She left lots of time for Q&A which was nice after yesterday. [My track didn’t have much time for Q&A in most sessions]

Leave a Reply

Your email address will not be published. Required fields are marked *