The Attacker is Inside: Javascript Supplychain Security and LavaMoat

Visit the to gain access to the entire library of Devcon talks with the ease of filtering, playlists, personalized suggestions, decentralized access on Swarm, IPFS and more.

We all use open source, it is the wealth of the commons that forms the foundations we all build on. While this is incredibly empowering, we may be inviting the devil to dine with us. This talk examines software supplychain attacks in the javascript and crypto ecosystems and how to keep your app, wallet, and users safe. We’ll look at the free and opensource tool LavaMoat that protects MetaMask.

Speaker(s): Kumavis, Naugtur
Skill level: Intermediate
Track: Security
Keywords: security,javascript,development

Follow us:,
Learn more about devcon:
Learn more about ethereum:

Devcon is the Ethereum conference for developers, researchers, thinkers, and makers.
Devcon 6 was held in Bogotá, Colombia on Oct 11 – 14, 2022.
Devcon is organized and presented by the Ethereum Foundation, with the support of our sponsors. To find out more, please visit

Comments are closed.