Curated list of JavaScript Realms Security resources
Due to the rise of dependency-based development, the JavaScript ecosystem (and the browser JavaScript ecosystem in particular) is far more vulnerable to what we know as “supply chain attacks”, and the ability to create new realms in JavaScript is being leveraged to successfully carry out such attacks against web apps.
It's time to research and learn more about JavaScript realms and the offensive/defensive security around them.
- Snow JS ❄️ - the most secure tool out there for hermetic realms ownership
- Introduction to Snow - the rise of supply chain attacks and how it all led to creating Snow
- Integrating Snow into MetaMask 🦊 - understanding how supply chain attacks affect web apps such as MetaMask, how MetaMask develops LavaMoat to defend against those, and why it also needs Snow
- Live demo - can you bypass Snow?
- Technical explanation
- Source code