I'm stealing API keys from your site

Hoplon - protecting yourself from malicious packages

Posted by nietaki on December 2, 2018

Earlier this year I presented my latest project - Hoplon - at the London Elixir meetup. I’m thinking of putting some more work into it over Christmas, so I figured I might gather the materials about it in one place:

Hoplon is an Elixir developer tool that helps you validate that your dependencies contain no hidden malicious code. It was motivated by horror stories from the JavaScript community, such as this hypothetical one and this very real one.

You can see the details and a live demo in the recorded talk.

Here are the slides, with all their happy colourful diagrams:

Hoplon as it is right now is pretty much a proof of concept, but I’m thinking of making it a bit more production ready and adding some advanced herd-immunity type features. Keep your fingers crossed!