
npm security

two factor auth

Protect your npm account with two-factor authentication and read-only tokens - 20171004

npm@5.5.1 or later

Node Security Platform


Called NSP.

Analyzes the npm registry for vulnerabilities.

Vulnerabilities list here.

Powered by Lift Security.

They also perform code review of the npm CLI and the registry source code, and they conduct audits and penetration tests.

They were acquired by npm, Inc. in April 2018.

articles

Attitudes to security in the JavaScript community - 20180410

A survey of over 16,000 developers, run by npm in collaboration with the Node.js Foundation and the JS Foundation.

Conclusions

  • Best practices like testing, linting, code reviews and security scans are a sign of an experienced developer.
  • Strong majorities of JavaScript developers are concerned about the security both of the code they write and the open source code they use.
  • But developers are more trusting of the security of open source code than their own.
  • Developers are not happy with the options available to them for securing their code.
