DevConf.IN 2026

Sudhanshu Dasgupta

Sudhanshu is a Software Engineer at SafeDep and a core maintainer of Meshery, an open-source CNCF sandbox project. You will find him talking about open source, web development, supply chain security, cloud-native technologies, and community building. He actively mentors and guides new contributors, helping them navigate and grow in the open-source ecosystem.


Company or affiliation:

SafeDep

Job title:

Software Engineer


Session

02-14
15:05
45min
Think Like an Attacker: Why Your npm install Is a Hacker's Dream
Sudhanshu Dasgupta

You run npm install. Three seconds later, your AWS keys are gone. Sound dramatic?
It happened to 500+ developers in September 2025.
Most places will tell you what went wrong. This session shows you how attackers think, so you can think one step ahead. We'll walk through real attacks on open source supply chains (the stuff you install every day) and show you the exact moment where things go sideways. No jargon. No assuming you're a security expert. Just honest explanations of how modern attacks work and what you can actually do about them.
You'll learn how attackers pick their targets (hint: dormant packages nobody's watching), what they automate (everything), and why traditional security tools keep missing obvious threats. We'll demo simple, open source tools you can run right now to check if your projects are already compromised and show you how to catch malicious packages before they hit your codebase.

This isn't theory. These attacks are happening today. Let's stop making it easy for them.

Cybersecurity and Compliance
VYAS - G - Room#VY015