npm@6 package manager brings new security features
Christian Hargrave in Open Source, Wednesday, April 25, 2018
These new protections include automatic warnings if a developer attempts to use open source code with known security issues, and `npm audit`, an npm command that allows developers to analyze complex, interdependent code to pinpoint specific vulnerabilities.
`npm audit` and insecure code warnings are available today to beta users and will roll out automatically to all users of npm@6 and the npm Registry over a period of weeks. The protections are free of charge to all users of the npm Registry with no required registration. In addition, customers of npm, Inc.’s paid offerings will receive pre-publication vulnerability disclosures, formerly a premium tier of the Node Security Platform product.
When a user downloads code from the npm Registry, npm will review the request against the Node Security Platform database and return a warning if the code contains a vulnerability. In addition, the `npm audit` command within npm@6 will allow the developer to recursively analyze trees of dependent code to identify specifically what’s insecure. Typical packages can be analyzed in less than one second.
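The recursive analysis described above can be sketched as a walk over a lockfile's nested `dependencies` tree. This is an added example, not npm's own code: the lockfile, package names and advisory entries are constructed, and a simple "below the patched version" comparison stands in for the Node Security Platform database lookup.

```javascript
// Constructed sample in the nested shape of an npm@6 package-lock.json.
// All package names and versions are hypothetical.
const lockfile = {
  name: "demo-app",
  lockfileVersion: 1,
  dependencies: {
    "web-framework": {
      version: "4.1.0",
      dependencies: {
        "query-parser": {
          version: "1.0.2",
          dependencies: { "deep-merge": { version: "0.9.1" } }
        }
      }
    },
    "deep-merge": { version: "2.0.0" },
    "logger": { version: "3.2.1" }
  }
};

// Constructed advisories: any version below `patchedIn` counts as affected.
const advisories = [
  { module: "deep-merge", patchedIn: "1.0.0", title: "constructed advisory A" },
  { module: "logger", patchedIn: "3.2.1", title: "constructed advisory B" }
];

// Compare two plain x.y.z versions; true when a is older than b.
function lessThan(a, b) {
  const pa = a.split(".").map(Number), pb = b.split(".").map(Number);
  for (let i = 0; i < 3; i++) {
    if (pa[i] !== pb[i]) return pa[i] < pb[i];
  }
  return false;
}

// Walk the tree recursively, carrying the path from the root so each
// finding shows which top-level dependency pulled in the affected version.
function audit(node, advisories, path = []) {
  const findings = [];
  for (const [name, dep] of Object.entries(node.dependencies || {})) {
    const here = [...path, `${name}@${dep.version}`];
    for (const adv of advisories) {
      if (adv.module === name && lessThan(dep.version, adv.patchedIn)) {
        findings.push({ title: adv.title, path: here.join(" > ") });
      }
    }
    findings.push(...audit(dep, advisories, here));
  }
  return findings;
}

console.log(audit(lockfile, advisories));
```

The same package name can appear at several depths with different versions, which is why the check runs on every node rather than once per name.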