Paul Krill
Editor at Large

Enterprise NPM users to get help with security, licensing

Jul 5, 2016 | 2 mins

Third parties are being enlisted to provide add-on services for JavaScript modules

NPM Inc., which oversees the popular NPM registry of JavaScript modules, is enlisting outside help to provide guidance on security, code analysis, and licensing issues.

Under an expansion of NPM Enterprise to be detailed today, NPM Inc. will partner with third parties to handle module auditing through its NPM Enterprise add-ons service. The current NPM Enterprise product takes the NPM open source registry code base and allows large companies to use it behind their firewall, sharing and reusing code and building private modules not shared on the public registry. Until now, users have had to conduct their own audit processes of modules.

Initial partners include Fossa, which will offer license compliance assistance; bitHound, for code quality analysis; and Lift Security for the Node Security Platform, providing a database of known vulnerabilities in code. The partnerships let experts in capabilities like security and license compliance annotate what NPM Inc. has been doing and eliminate the manual, tedious processes for companies so developers can pick the best open source modules, said Benjamin Coe, general manager for NPM Enterprise product at NPM Inc.

While NPM Enterprise is a fee-based service, some add-on services will be free of charge, such as bitHound’s services, at least at first, Coe said. Others, including Fossa, would charge a monthly fee. “It’s basically up to the third party,” he said. “We’re just opening up our platform where anyone can write something on top of it.”

More partners will be sought to cover additional capabilities. One possibility is analytics, providing information about the behavior of users of a module.

Add-on services eventually could be added to the public registry, said Coe. The NPM registry, popular for use with the Node.js server-side JavaScript platform, features 300,000 open source modules for capabilities like Web servers and front-end JavaScript frameworks. The online registry is accessed via the NPM package manager.

Paul Krill

Paul Krill is editor at large at InfoWorld. Paul has been covering computer technology as a news and feature reporter for more than 35 years, including 30 years at InfoWorld. He has specialized in coverage of software development tools and technologies since the 1990s, and he continues to lead InfoWorld’s news coverage of software development platforms including Java and .NET and programming languages including JavaScript, TypeScript, PHP, Python, Ruby, Rust, and Go. Long trusted as a reporter who prioritizes accuracy, integrity, and the best interests of readers, Paul is sought out by technology companies and industry organizations who want to reach InfoWorld’s audience of software developers and other information technology professionals. Paul has won a “Best Technology News Coverage” award from IDG.
