Beginner

Supply Chain Security for npm Teams

Lockfiles, provenance, and dependency review rituals for fast-moving JavaScript monorepos.

Overview

You practice npm provenance verification, Sigstore cosign basics, and Renovate tuning. Labs include bilingual README templates for open-source contributions from JP engineers.

Duration: 3 weeks · 20 hours · Format: Bootcamp weeks · Language: English · Certificate: Not included

Price (informational): ¥42,000

What is included

  • Monorepo policy examples for pnpm and Yarn Berry
  • Emergency rollback drills for poisoned packages
  • Contributor verification checklist
  • SBOM diff review session

Outcomes

  • Enable provenance checks on CI without blocking hotfixes
  • Document emergency unpublish procedures
  • Ship contributor guidelines that mention security expectations

Lead mentor

Mateo Silva

Open-source maintainer focused on sustainable security reviews for JS ecosystems.

FAQ

Concepts translate, but exercises stay npm-first; Maven labs are not included.

Experience notes

Rollback drill exposed that our on-call runbook still referenced npm 6 flags — fixed same night.

Jiro · Frontend platform · 5/5

Client in fintech — contributor checklist reduced noisy drive-by PRs dramatically.

Anonymous
