Loading…
16-17 June, 2026
Mumbai, India
View More Details & Registration
Note: The schedule is subject to change.

The Sched app allows you to build your schedule but is not a substitute for your event registration. You must be registered for Open Source Summit India 2026 to participate in the sessions. If you have not registered but would like to join us, please go to the event registration page to purchase a registration.

IMPORTANT NOTE: Timing of sessions and room locations are subject to change.
← Back to schedule
What If Npm Install Could Say No? Real-Time Defense Against Malicious Packages - Sahil Bansal, SafeDep
Wednesday June 17, 2026 4:25pm - 5:05pm IST
204 AB (Second Floor)
Every npm install or pip install pulls in dozens of packages which includes transitive dependencies no one has reviewed. This is the most unguarded moment in the software supply chain: malicious code enters a developer's machine before any CI/CD check or SBOM scan even runs.

Attackers know this. Typosquatting, dependency confusion, and pre/post-install script exploitation all target the install step specifically, because that's where defences are weakest.

In this talk, I'll discuss a different approach: guarding the package manager itself. Instead of scanning after installation, what if we could analyse packages in real-time and block threats before they execute? I'll walk through real attack patterns, explain how combining malware analysis with OS-native sandboxing makes this practical, and share what we've learned building open source tooling in this space.

You'll get to know about:
- Why install-time is the critical gap in dependency security
- How real supply chain attacks bypass pipeline-stage scanning
- Practical ways to add real-time package protection using open source tools
Speakers
avatar for Sahil Bansal

Sahil Bansal

Software Engineer, SafeDep
Sahil is a software engineer at SafeDep, where he works on open source supply chain security tooling including PMG. He has a background in systems programming, having built AtomixDB, a relational database in Go, and Runbox, a sandbox using Linux namespaces, cgroups and seccomp. He... Read More →
Wednesday June 17, 2026 4:25pm - 5:05pm IST
204 AB (Second Floor)
  Packages & Images & Containers

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Tweet Share

Get help with the event

Contact event planner Event login
View support guides Find upcoming events
Create an event you'd love to attend!
Explore why organizers choose Sched Success stories
Event App Event scheduling Event registration Event ticketing Sched forms Call for papers Badges Conferences
© 2026. SCHED LLC - All rights reserved - Helping events since 2008
Event Planning Software Privacy Terms
Share Modal

Share this link via

Or copy link