Award nominations

Coding Tools

npm Audit

About technology

JavaScript is the most popular software development language in the world, and JavaScript is inseparable from npm, the world's largest registry of reusable, modular JavaScript code. 97% of the code used in web applications relies on npm packages, which are downloaded from npmjs.com more than 1 billion times per day. This prominence confers incredible responsibility upon npm, Inc., which maintains the npm developer tool and hosts the npm Registry. Because of the interrelated nature of JavaScript (the average web application now depends on over 1,000 npm packages), it is vital to detect, stop, and fix security vulnerabilities before they do widespread harm.

This year, npm announced npm audit, a utility built into the npm developer tool and distributed free of charge. npm audit automatically analyzes complex package dependencies to pinpoint specific vulnerabilities. When a developer downloads code from npm, the npm audit command checks each dependency against the Node Security Platform's record of known vulnerabilities. The report includes instructions on how to act on this information, often by simply typing a second command, npm audit fix, to automatically install secure replacement code.

By alerting developers to vulnerabilities directly within a workflow they already use, based on the primary source of vulnerability data, npm audit plays a vital role in stopping the spread of unsafe code and enabling developers to share and reuse code with confidence. Since its launch in April 2018, npm audit has already audited over 4 billion dependencies, warning developers of unsafe code any time it was detected.
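An added example, not npm's own code, of acting on the report described above: it reads an `npm audit --json` report (the npm 7+ `auditReportVersion: 2` shape is assumed) and decides whether a build should fail at a chosen severity, flagging findings that `npm audit fix` cannot resolve without a semver-major bump. The report below is constructed; the package names and advisories in it are placeholders.

```javascript
// Added example (not npm's own code). Assumes the npm 7+ audit report shape:
// `vulnerabilities` keyed by package name, each with `severity`, `isDirect`,
// `range` and `fixAvailable` (true, false, or an object for a semver-major fix).
const SEVERITY_RANK = { info: 0, low: 1, moderate: 2, high: 3, critical: 4 };

// Constructed sample standing in for real `npm audit --json` output.
const SAMPLE_REPORT = {
  auditReportVersion: 2,
  vulnerabilities: {
    "example-pad": { name: "example-pad", severity: "low", isDirect: true,
      range: "<1.2.0", fixAvailable: true, via: [{ title: "ReDoS (constructed)" }] },
    "example-args": { name: "example-args", severity: "high", isDirect: false,
      range: "<1.2.6", fixAvailable: true, via: [{ title: "Prototype pollution (constructed)" }] },
    "example-crypto": { name: "example-crypto", severity: "critical", isDirect: true,
      range: "<0.10.0", via: [{ title: "Signature bypass (constructed)" }],
      fixAvailable: { name: "example-crypto", version: "1.0.0", isSemVerMajor: true } },
  },
  metadata: { vulnerabilities: { info: 0, low: 1, moderate: 0, high: 1, critical: 1, total: 3 } },
};

// Findings at or above `threshold`, most severe first, annotated with whether a
// plain `npm audit fix` resolves them or a semver-major bump (manual review) is needed.
function findingsAtOrAbove(report, threshold) {
  if (report.auditReportVersion !== 2) throw new Error("unsupported audit report version");
  const min = SEVERITY_RANK[threshold];
  if (min === undefined) throw new Error(`unknown severity threshold: ${threshold}`);
  return Object.values(report.vulnerabilities || {})
    .filter((v) => (SEVERITY_RANK[v.severity] ?? -1) >= min)
    .map((v) => ({
      name: v.name,
      severity: v.severity,
      direct: v.isDirect === true,
      autoFixable: v.fixAvailable === true,
      needsMajorBump: typeof v.fixAvailable === "object" && v.fixAvailable !== null
        && v.fixAvailable.isSemVerMajor === true,
    }))
    .sort((a, b) => SEVERITY_RANK[b.severity] - SEVERITY_RANK[a.severity]);
}

// Gate decision a CI job would act on: fail when any finding meets the threshold.
function shouldFailBuild(report, threshold) {
  return findingsAtOrAbove(report, threshold).length > 0;
}

console.log(findingsAtOrAbove(SAMPLE_REPORT, "high"), shouldFailBuild(SAMPLE_REPORT, "high"));
```

Against a real project, write the report with `npm audit --json > audit.json` and `JSON.parse` the file before calling `shouldFailBuild`; `npm audit fix` only applies updates inside the ranges your package.json already allows, so findings marked `needsMajorBump` still require `npm audit fix --force` and a review of the breaking change.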

Press and media coverage

4/24 Application Development Trends: Open Source Node.js Hits v10, with Better Security, Performance, More
https://adtmag.com/articles/2018/04/24/node-js-10.aspx

4/25 App Developer Magazine: npm@6 package manager brings new security features
https://appdevelopermagazine.com/[email protected]/

4/26 InfoQ: Node.js 10.0 and npm 6 Released with Emphasis on Security
https://www.infoq.com/news/2018/04/node-10-npm-6-released-security

5/17 Computer Business Review: Flurry of New Tools Aims to Improve Open Source Software Security
https://www.cbronline.com/news/security-improving-open-source-software

8/22 The Register: One-in-two JavaScript project audits by NPM tools sniff out at least one vulnerability…
https://www.theregister.co.uk/2018/08/22/npm_vulnerability_scanner/

12/18 TechTarget: Recent open source flaw highlights danger of social engineering hacks
https://www.theserverside.com/feature/Recent-open-source-flaw-highlights-danger-of-social-engineering-hacks

12/27 TechTarget: NPM security to use automated tools to boost community alerts
https://searchsecurity.techtarget.com/news/252455016/NPM-security-to-use-automated-tools-to-boost-community-alerts