NodeSource’s Certified Modules service, intended to ensure the safety of NPM modules, becomes generally available on Thursday.
Dependencies became a major sticking point last year when removal of one package from the public NPM registry resulted in others failing.
The company is curating all NPM packages in the registry, including different versions of these packages, and will let users know which are OK to use. Users can whitelist modules that do not meet certification criteria, for example because they do not have a permissive license.