Announcing npm Enterprise Security Add-On

Adam Baldwin
Node Security
Jul 5, 2016

With the explosive growth of Node in the enterprise comes the need for confidence in the security of open source software that businesses rely on.

The Node Security team audits the modules enterprises depend on and then surfaces this security information in the Node Security Platform. For years, our nsp tool has been a pivotal source of intelligence on vulnerabilities in Node dependencies.

Beginning today, nsp’s security vulnerability notices will be exposed conveniently right inside of npm Enterprise.

Stay in your workflow

We strongly believe developers should have useful security information at their fingertips to make decisions about what modules to use and rely upon.

The npm Enterprise Node Security add-on provides this information in the sidebar of the module detail page. It looks like this:

[Image: npm Enterprise sidebar with Node Security]

This notice shows whether a module has known vulnerabilities, and a more detailed security report is available via the link provided.

Give the security team a break

Dependency trees are commonly hundreds of modules deep, and new versions are published often. As we’ve heard firsthand from many people, this puts a significant burden on internal enterprise security teams. Giving developers this security knowledge helps them make good choices about which modules to use, passing internal audits with ease, and lets the security folks focus on the world of other challenges they’re facing.

Coming soon: Verified Modules

One of the best features of using any Node Security related service is the team standing behind it.

The Node Security team is constantly auditing the top modules in the npm ecosystem and is available to audit the modules you depend upon. We know that a list of known vulnerabilities is a lot more useful when you also know whether a security expert has audited a module, so we’re going to surface that information to you too.

Later this week, we’ll be publishing more information on verified modules. (Shhh, don’t tell anybody, but this feature will initially only be available to npm Enterprise customers.)

Take npm Enterprise for a spin with a free trial

Visit npmjs.com/enterprise to begin a free trial of npm Enterprise with add-ons and get module security information right inside your workflow. The Node Security add-on trial is enabled by default, so it’s easy to try it out.

Adam Baldwin
Node Security

VP of Security at npm. Previously founded @liftsecurity, Founder @nodesecurity acquired by npm, inc