Note: Nexus Intelligence via npm audit requires an organization to own a license of Nexus Firewall or Nexus Lifecycle.
What is the npm audit command?
npm also added an “npm audit fix” command that upgrades a dependency to the latest version that has no violation.
Nexus Intelligence via npm audit
So, what is this new feature from Sonatype? How does Nexus Intelligence improve the npm audit command?
The following are key benefits of using this new feature for Nexus Repository OSS and Pro developers:
- Developer Workflow - Nexus Repository developers can now use the default npm audit command. If an organization has Nexus Repository and Nexus IQ already configured, the npm audit command will start working for them without any changes to each developer's machine. This makes the rollout very easy for admins and teams.
- Automated Remediation - If policy violations are found and updates are available, developers can run the “npm audit fix” subcommand to automatically update vulnerable dependencies to fix policy violations.
- Predictive Build Insights - Nexus Firewall blocks bad components from being downloaded into your developer pipelines. When this occurs, it can be challenging for developers to understand why exactly their build failed. Developers using the npm audit command will be able to receive that information and know ahead of time why Nexus Firewall would interact with their build.
For further Nexus release details and any questions you may have, please refer to the links below: