npm@6 package manager brings new security features

App Developer Magazine, Open Source
Christian Hargrave, Wednesday, April 25, 2018

npm announced the update of their JavaScript software installer tool in order to provide their users with improved security.

npm, Inc. has announced npm@6, a major update to its JavaScript software installer tool with new security features for developers who work with open source code. npm@6 will be included as part of the Node.js v10.x release line, and leverages the assets of the Node Security Platform, the definitive source of JavaScript vulnerabilities, recently acquired by npm, Inc.

In an npm, Inc. survey of over 16,000 worldwide developers, 97% of JavaScript developers confirm they use open source code, although 77% express concern about whether the open source software they use is secure, and 52% believe that there aren’t satisfactory methods for evaluating whether code is safe.

npm@6 brings protection against insecure code into the workflow that’s already used by 10 million JavaScript developers to download over 900 million packages of reusable, modular code per day.

These new protections include automatic warnings if a developer attempts to use open source code with known security issues, and `npm audit`, an npm command that allows developers to analyze complex, interdependent code to pinpoint specific vulnerabilities.

`npm audit` and insecure code warnings are available today to beta users and will roll out automatically to all users of npm@6 and the npm Registry over a period of weeks. The protections are free of charge to all users of the npm Registry with no required registration. In addition, customers of npm, Inc.’s paid offerings will receive pre-publication vulnerability disclosures, formerly a premium tier of the Node Security Platform product.

“Node.js has proven to be a reliable platform for applications at any scale. It is used across industries to build everything from APIs to cloud, mobile and IoT applications,” said Mark Hinkle, Executive Director of the Node.js Foundation. “The release of npm@6 is another great testament to the Node.js ecosystem’s focus and work on making security a top priority, and helping developers build the world’s most scalable, mission-critical JavaScript applications.”

When a user downloads code from the npm Registry, npm will review the request against the Node Security Platform database and return a warning if the code contains a vulnerability. In addition, the `npm audit` command within npm@6 will allow the developer to recursively analyze trees of dependent code to identify specifically what’s insecure. Typical packages can be analyzed in less than one second.
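The warning-on-install and `npm audit` behaviour described above is most useful when a build pipeline acts on it, for example by failing a CI job once findings reach a chosen severity. The following is an added example, not code from the article or from npm, Inc.: it parses the JSON that `npm audit --json` emits and gates on the per-severity counts. The report embedded below is constructed for the example, and the field layout (`metadata.vulnerabilities` for counts, `advisories` keyed by advisory id) is assumed to mirror npm@6's output; check it against your own `npm audit --json` run before relying on it.

```javascript
// Added example: gate a build on the severity counts reported by `npm audit --json`.
// Field names (metadata.vulnerabilities, advisories, module_name) are an assumption
// modelled on npm@6's JSON report; the sample report itself is constructed.
const SEVERITIES = ["info", "low", "moderate", "high", "critical"];

// Constructed sample of what a small project's `npm audit --json` might contain.
const sampleReport = JSON.stringify({
  actions: [],
  advisories: {
    "1001": { id: 1001, module_name: "example-string-util", severity: "high",
              title: "Constructed advisory for the example" },
    "1002": { id: 1002, module_name: "example-dev-tool", severity: "low",
              title: "Constructed advisory for the example" }
  },
  metadata: {
    vulnerabilities: { info: 0, low: 1, moderate: 0, high: 1, critical: 0 },
    dependencies: 120, devDependencies: 300, optionalDependencies: 0, totalDependencies: 420
  }
});

// Extract per-severity counts, filling in zero for any severity the report omits
// so callers never compare against `undefined`.
function parseAuditReport(json) {
  const report = JSON.parse(json);
  const counts = (report.metadata && report.metadata.vulnerabilities) || {};
  const out = {};
  for (const s of SEVERITIES) out[s] = Number(counts[s] || 0);
  return out;
}

// True when any finding sits at or above `threshold` (e.g. "high" catches high and critical).
function exceedsThreshold(counts, threshold) {
  const idx = SEVERITIES.indexOf(threshold);
  if (idx < 0) throw new Error(`unknown severity: ${threshold}`);
  return SEVERITIES.slice(idx).some(s => counts[s] > 0);
}

// Name the affected modules at or above the threshold so the build log says what to fix.
function listFindings(json, threshold) {
  const report = JSON.parse(json);
  const idx = SEVERITIES.indexOf(threshold);
  if (idx < 0) throw new Error(`unknown severity: ${threshold}`);
  return Object.values(report.advisories || {})
    .filter(a => SEVERITIES.indexOf(a.severity) >= idx)
    .map(a => `${a.severity}: ${a.module_name} (advisory ${a.id})`);
}

// Decide the CI outcome: 1 means "fail the build", 0 means "pass".
function auditGate(json, threshold) {
  const counts = parseAuditReport(json);
  return exceedsThreshold(counts, threshold) ? 1 : 0;
}

// Stand-alone run on the constructed report with a "high" threshold.
console.log(parseAuditReport(sampleReport));
console.log(listFindings(sampleReport, "high"));
console.log("exit code:", auditGate(sampleReport, "high"));
```

In a real pipeline the JSON would come from `npm audit --json > audit.json` and the script would set the process exit code from `auditGate`; the threshold is a team decision, since blocking on `low` tends to produce noise from development-only dependencies while blocking only on `critical` lets exploitable `high` findings through.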

“Before npm security, people were just hoping for the best,” said Adam Baldwin, Head of Security at npm, Inc. “Every developer needs to know that the code they use is safe. By alerting the entire npm community to security vulnerabilities within a tool they already use, we can make JavaScript development safer for everyone.”
