Safety in Node.js: NodeSource to certify NPM modules

Safety in Node.js: NodeSource to certify NPM modules
16-Mar-2017 06:30 INFOWORLD

NodeSource's Certified Modules service, intended to ensure the safety of NPM modules, becomes generally available on Thursday. Previously available only in a private beta stage, the service for Node.js was developed to address concerns over issues like security, licensing, and dependencies among the JavaScript modules. Dependencies became a major sticking point last year when removal of one package from the public NPM registry resulted in others failing.[ Expand your security career horizons with these essential certifications for smart security pros. | Discover how to secure your systems with InfoWorld's Security Report newsletter. ] The company is curating all NPM packages in the registry, including different versions of these packages, and will let users know which are OK to use. Users can whitelist modules that do not meet certification criteria, such as not having a permissive license requirements.To read this article in full or to leave a comment, please click here