Sonatype Delivers Premium Open Source Controls to GitHub | Press Release

Sonatype Blog

Comparing npm Audit Versus AuditJS

By Mike Hoskins on April 03, 2020 AppSec
AuditJS is a free tool leveraging Sonatype's OSS Index. OSSI exposes a ReST API aggregating several security vulnerability feeds including CVE, CWE and NVD.

How to Access npm Packages After Securing Nexus Repository Manager

By Daniel Pacurici on March 20, 2020 npm
Here are the steps necessary to secure packages, like npm, on the Nexus Repository Manager.

Microsoft Acquires npm: A Healthy Move for Critical Public Infrastructure

By Brian Fox on March 16, 2020 github
Today, news broke that GitHub and its parent company, Microsoft, acquired npm and its public repository of open source JavaScript packages.

Beyond npm Audit to Traverse an Increasingly Complex Dependency Tree

By Mike Hoskins on March 04, 2020 npm
Building good hygiene habits as part of our development practice helps the community at large. Here's how to use Nexus Repository OSS as part of it.

Sonatype Rolls Out Enhanced JavaScript Scanning, npm Automated Pull Requests & More Free JS Developer Tools

By Kevin Miller on March 03, 2020 Nexus Lifecycle
Enhanced JavaScript support provides improved accuracy, increased policy control, and faster remediation of open source vulnerabilities across the SDLC.

How Do Application-Level Package Managers Work?

By Ember DeBoer on January 23, 2020 repository manager
Managing dependencies is a complex task. As Sam Boyer explains, “It’s not the algorithmic side that makes [application-level package managers] hard.”

What is a Package Dependency Manager?

By Ember DeBoer on January 22, 2020 Apache Maven
Terms like package manager, dependency management, repository, and repository manager are used in software development. Are we speaking a common language?

Nexus Intelligence Insights: Sonatype-2020-0003 - npm malicious package 1337qq-js

By Elisa Velarde on January 15, 2020 vulnerabilities
In this month's Nexus Intelligence Insights, we cover Sonatype-2020-0003: npm malicious package 1337qq-js. Here's why it made noise but had no impact.

Publishing Private NPM Packages to Nexus

By Erik Dietrich on June 12, 2019 How-To
From the DRY principle to sharing code within an organization and keeping code secure, there are many reasons you may want to publish private NPM packages to Nexus. Today, we show you how.