Sonatype Blog

From Prototype Pollution to full-on remote code execution, how can adversaries exploit npm modules?

By Akshay 'Ax' Sharma on August 19, 2020 vulnerabilities
August's Nexus Intelligence Insight looks at the Node.js component express-fileupload, which now has a critical Prototype Pollution vulnerability.

Find and Fix Vulnerabilities in Seconds using GitHub PR Reviews with Line Comments

By Kevin Miller on July 07, 2020 github
Pull Request line comments highlight code that introduces a policy violation. This gives developers the information needed to remediate security risks.

Custom Node Module Management using Private npm Registry Configured in Nexus Repository

By Nipun Thilakshan on June 17, 2020 How-To
How to configure a private npm registry in Sonatype Nexus Repository, and how to publish and consume custom Node.js modules in your projects.

New in Nexus Repository 3.23: Nexus Intelligence via npm audit

By Brent Kostak on May 13, 2020 npm
Now developers can check for policy violations using the npm audit command built into the npm CLI, using the precise data of Nexus Intelligence.

Comparing npm Audit Versus AuditJS

By Mike Hoskins on April 03, 2020 AppSec
AuditJS is a free tool leveraging Sonatype's OSS Index. OSS Index exposes a REST API aggregating several security vulnerability feeds, including CVE, CWE and NVD.

How to Access npm Packages After Securing Nexus Repository Manager

By Daniel Pacurici on March 20, 2020 npm
Here are the steps necessary to secure packages, like npm, on the Nexus Repository Manager.

Microsoft Acquires npm: A Healthy Move for Critical Public Infrastructure

By Brian Fox on March 16, 2020 github
Today, news broke that GitHub and its parent company, Microsoft, acquired npm and its public repository of open source JavaScript packages.

Beyond npm Audit to Traverse an Increasingly Complex Dependency Tree

By Mike Hoskins on March 04, 2020 npm
Building good hygiene habits as part of our development practice helps the community at large. Here's how to use Nexus Repository OSS as part of it.

Sonatype Rolls Out Enhanced JavaScript Scanning, npm Automated Pull Requests & More Free JS Developer Tools

By Kevin Miller on March 03, 2020 Nexus Lifecycle
Enhanced JavaScript support provides improved accuracy, increased policy control, and faster remediation of open source vulnerabilities across the SDLC.