Enterprise NPM users to get help with security, licensing

NPM Inc., which oversees the popular NPM registry of JavaScript modules, is enlisting outside help to provide guidance on security, code analysis, and licensing issues.

Under an expansion of NPM Enterprise to be detailed today, NPM Inc. will partner with third parties to handle the auditing of modules via its NPM Enterprise add-ons service. The current NPM Enterprise product takes the NPM open source registry code base and allows large companies to use it behind their firewall, sharing and reusing code and building private modules not shared on the public registry. Until now, users have had to conduct their own audit processes of modules.

Initial partners include Fossa, which will offer license compliance assistance; bitHound, for code quality analysis; and Lift Security for the Node Security Platform, providing a database of known vulnerabilities in code. The partnerships let experts in capabilities like security and license compliance annotate what NPM Inc. has been doing and eliminate the manual, tedious processes for companies so developers can pick the best open source modules, said Benjamin Coe, general manager for NPM Enterprise product at NPM Inc.

While NPM Enterprise is a fee-based service, some add-on services will be free of charge, such as bitHound's services, at least at first, Coe said. Others, including Fossa, would charge a monthly fee. "It's basically up to the third party," he said. "We're just opening up our platform where anyone can write something on top of it."

More partners will be sought to cover additional capabilities. One possibility is analytics, providing information about the behavior of users of a module.

Add-on services eventually could be added to the public registry, said Coe. The NPM registry, popular for use with the Node.js server-side JavaScript platform, features 300,000 open source modules for capabilities like Web servers and front-end JavaScript frameworks. The online registry is accessed via the NPM package manager.

IDG News Service
