Certified Modules in Node.js and vulnerabilities

Certified Modules

At Node.js Interactive 2016 in Austin, TX, they could report a completely new item – NodeSource Certified Modules™ – in their Day One keynote with Joe McCann. NodeSource Certified Modules are by and large accessible. With NodeSource Certified Modules, NodeSource gives an evaluated level of trust in each of the modules they ensure.

node js logo

In a nutshell, npm modules are certified to contain no vulnerabilities and be trusted, for a fee, in your production environment.

Trust

NodeSource Certified Modules is an answer that naturally assesses openly accessible moduless that make the Node.js community, in light of two sorts of criteria: major and minor. Once assessed and scored, all modules are put into an autonomous, changeless registry with high-accessibility – meaning your modules are accessible, when you require them.

These checks are keep running against each variant of each module that is distributed to npm. These checks aren’t shallow – they plunge profound into the reliance tree to guarantee that down the line there’s zero module vulnerabilities in what are generally imperceptible conditions, and that you can guarantee that licenses are open-source all through.

cogs representing configuration

Configuration

When you start utilizing NodeSource Certified Modules, you will get a protected registry that is yours. To start utilizing your NodeSource Certified Modules registry, you’ll have to make a straightforward, one-time change to your .npmrc document – you essentially need to set your default registry to the exceptional URL of your NodeSource Certified Modules registry.

This is a straightforward change that you can make by running the npm config CLI order to set your default registry to the NodeSource Certified Modules registry that is made for you when you setup your record.

Once your registry is indicated your NodeSource Certified Modules registry, you’re just a npm introduce away. They give a basic web interface that permits you to discover and audit the accreditation scores of all moduless in the registry anytime. Furthermore, they’ve manufactured an integral instrument called nscm to give a summon line interface that permits assessment of a Node.js application to see adaptations, scores, and, if conceivable, the latest form that is confirmed.

Moreover, the instrument permits clients to whitelist at least one module, to prohibit them from the confirmation screening process until they can be refactored or potentially replaced.

Together with NodeSource Certified Modules, this gives a far reaching Node.js toolset supported by NodeSource’s open source and item groups, tuned to fulfill the requirements of the most requesting Node.js clients in the world.

linux terminal on screen

Source : https://nodesource.com/blog/hello-certified-modules-the-future-of-trust-in-node-js-dependencies