Protect your npm account with two-factor authentication and read-only tokens - 20171004
[email protected] or sup
Called NSP.
Analyze npm registry for vulnerabilities.
Powered by Lift Security.
They do also code review on the npm CLI and on the registry source code and they conducts audits and penetration tests.
They have been acquired by npm inc in april 2018.
Attitudes to security in the JavaScript community - 20180410
a survey of over 16,000 developers run by npm in collaboration with the Node.js Foundation and the JS Foundation
Conclusions
- Best practices like testing, linting, code reviews and security scans are a sign of an experienced developer.
- Strong majorities of JavaScript developers are concerned about the security both of the code they write and the open source code they use.
- But developers are more trusting of the security of open source code than their own.
- Developers are not happy with the options available to them for securing their code.