News and notes from the makers of Nexus
Sonatype DepShield Now Protects NPM Projects
by Justin Young on November 20, 2018

Tags: NPM support, DepShield

I remember that when I first heard about Node.js, I couldn’t believe that developers were using a language meant for single-threaded, client-side scripting for web servers and desktops. (I was working with ASP.NET Web Forms and massive viewstate objects passed between client and server at the time, so that probably explains why I was so surprised.)

Throughout the last decade, I have worked on the front and back end of software development, and I must admit that my time working on the front-end has made me grow quite keen on JavaScript: first-class functions, platform independence, and its large supportive community are a few of the reasons why.

Now in my role as Product Owner, I find myself spending a lot of time working in Node.js because JavaScript is such a dynamic language, making it easier for me to focus on features with the limited time I have to code. In fact, I wrote the first prototype for DepShield in Node.js during a biweekly improvement day - free time every other week to work on projects that will benefit the company.

I am definitely not alone in my enjoyment of JavaScript. GitHub’s State of the Octoverse declares that in 2017, 2.3 million pull requests were opened in JavaScript projects. As a contribution back to the supportive community I’ve enjoyed, I’m excited to announce that Sonatype DepShield now supports the Node.js package manager, npm.

Using Sonatype OSS Index’s database of over 1,500 npm packages that have vulnerable versions, DepShield automatically identifies opportunities for developers to update their dependencies to patched and fixed versions that are no longer vulnerable.

Open Source contributors are working hard at reducing vulnerabilities in their projects and DepShield enables project consumers to benefit from these efforts as soon as possible. If you contribute to or maintain any project utilizing npm, head over to GitHub’s Marketplace and give DepShield a try.
