PodRocket
A web development podcast from LogRocket
Displaying all 8 episodes of PodRocket with the tag “security”.
-
React got hacked with David Mytton
December 16th, 2025 | 37 mins 54 secs
react, security
In this episode, Noel sits down with David Mytton, founder and CEO of Arcjet, to unpack the React2Shell vulnerability and why it became such a serious remote code execution risk for apps using React server components and Next.js. They explain how server-side features introduced in React 19 changed the attack surface, why cloud providers leaned on WAF mitigation instead of instant patching, and what this incident reveals about modern JavaScript supply chain risk. The conversation also covers dependency sprawl, rushed patches, and why security as a feature needs to start long before production.
-
Google’s antitrust win, AI mandates, npm attacks and robots.txt
September 25th, 2025 | 41 mins 10 secs
ai, browsers, panel, security
Is the web breaking under the weight of AI crawlers, platform consolidation, and nonstop security breaches? We dive into the state of browsers, developer burnout, and whether tech regulation can actually keep up.
In this panel discussion:
We debate if robots.txt and AI licensing standards like RSL can realistically control how AI scrapes the web.
The fallout from DIA’s acquisition by Atlassian and what it means for indie browser innovation in a Chromium-dominated world.
Why Google’s antitrust victory might embolden other tech giants, and what that means for competition.
How supply chain attacks like the NPM malware and Shai Hulud worm are exploiting GitHub workflows and package vulnerabilities.
The pushback against AI mandates at work, including Coinbase’s controversial policy requiring developers to use Copilot.
-
Unpacking the NPM supply chain attacks with Feross Aboukhadijeh
September 23rd, 2025 | 40 mins 9 secs
security
Feross Aboukhadijeh, founder of Socket, joins us to break down the recent wave of NPM supply chain attacks hitting the JavaScript ecosystem, including how attackers used phishing to target developers, snuck malware into popular packages like Prettier and "is", and even abused tools like Claude, Gemini, and TruffleHog.
We dig into how GitHub Actions vulnerabilities were exploited, what makes postinstall scripts risky, and what you can do to protect yourself from future attacks.
-
Secure by design with Vanessa Villa
February 14th, 2024 | Season 4 | 30 mins 15 secs
security
We welcome Vanessa Villa, Developer Advocate at Pangea, to explain what the secure by design movement is about and how it shifts security to the beginning of the development cycle.
-
Security and path traversal with Liran Tal
May 23rd, 2023 | Season 3 | 23 mins 47 secs
path traversal, security
Today, we have Liran Tal, Director of Developer Advocacy at Snyk, to talk about a security risk all developers should know about: path traversal.
-
Azure security with Sarah Young
October 28th, 2022 | Season 2 | 36 mins 30 secs
azure, cloud security, microsoft, security, zero trust
Sarah Young is a Senior Cloud Security Advocate at Microsoft. Sarah joins us today to talk about Azure security, Zero Trust principles, and important investments in the security ecosystem.
-
1Password with Andrew Beyer
April 20th, 2022 | Season 2 | 40 mins 7 secs
frontend, security, web development
In this episode, we talk to Andrew Beyer, senior engineering manager at 1Password, about how 1Password helps people generate and store unique passwords, how 1Password's engineering org has evolved, and the future of passwords.
-
Open-source supply chain security with Feross Aboukhadijeh
March 22nd, 2022 | Season 2 | 44 mins 8 secs
open source, security, web development
Feross Aboukhadijeh is the creator of WebTorrent, StandardJS, and Wormhole. We talked to Feross about Wormhole back in June and he joins us now to talk about Socket.dev, a new security company that can protect your most critical apps from supply chain attacks.