
NPM, "Private" Repos, and You

Recon Village @ DEF CON 30, 12th, 13th and 14th August 2022

Abstract

Supply chain research is so hot right now! In this talk I plan on talking about how to clone the NPM metadata database, and all of the interesting repercussions of this design decision. Between exposing code from private GitHub repos, being able to search through all contributors' email addresses, cybersquatting maintainers' expired domains for account takeovers, and the interactions between .gitignore and .npmignore, there are plenty of interesting things to be covered.

Speaker