Security and open source licenses in focus when using npm packages in Bytesafe

Given the fact that on average a project has around 200 or more dependencies it can be a challenge to manage npm packages securely.

Without the proper tooling to manage package dependencies, control over what packages you actually depend on can quickly spin out of control. Thats why we offer Bytesafe private registries to control and secure your supply chain.

By adding your dependencies to Bytesafes fully managed registries you gain a single source of truth for your projects and whole organization. A place to know, discover and continuously monitor the dependencies you are using.

Bytesafe gives you relevant metrics for your registries and highlights any issues that need your attention. Quickly identify what needs to be fixed and remedy it accordingly! After all, your code is your business!

Continue reading to see how Bytesafe can improve your workflow.

Bytesafe Dashboards

Dashboards make it easy for you to see the security and license issues that need your attention. Security is a team effort and Bytesafe lets your DevOps team shift left to find and fix issues easily while sharing a common view of the found issues.

Simplicity is important and the dashboards make it easier for you and your teams to understand both risks and changes to your package dependencies, regardless if you are a developer, security, QA or from the business side.

Having all packages in a central hub allows you to have a common view and to stay in control over what happens with your package supply chain.

Protect your whole organization from malicious packages

If all developers fetch packages directly from the public npm registry, then there is very little control and security responsibility is on each individual developer to find and remediate potential threats. Remember that new vulnerabilities can be found in the future and someone needs to keep track. Of course this is not a sustainable solution if you want to protect your organization from unnecessary headaches.

Thats why Bytesafe allows you to block malicious packages and be notified when new vulnerabilities are discovered. Packages are automatically and continuously monitored for vulnerabilities and license issues so that you can focus on other things. Also, theres a bunch of other plugins to allow you to configure your own dependency firewall!

Quickly find what packages are problematic

Click on the issue severity in a dashboard and youll see what packages are causing issues. Issues are divided into security or license issues. And to get more information about a specific vulnerability, simply click on it. Keep your software supply chain secure before its too late.

Be sure not to breach any open source licenses

Staying on top of your open source licenses is important to avoid loss of reputation or potential legal costs. Bytesafe helps you identify open source licenses in all files and not just what exists in the package.json file. See a breakdown of licenses you use, identify potential license issues and see the source of a license for a specific package, all from Bytesafe.

Want to learn more?

10 npm best practices

Learn why to use private registries, why using curated registries is a good practise, what you can do to stay in control of your package workflows and more.

Top 10 Npm Security Best Practices

Daniel Parmenvik Feb 2 6 min read

#security #npm #node #webdev

Get started with Bytesafe in less than a minute

Simple steps on how to create your own Bytesafe workspace for free and benefit from all features Bytesafe provides to secure your software supply chain.

Create a free private npm registry with Bytesafe

Daniel Parmenvik May 8 '20 3 min read

#npm #javascript #devops #webdev

Any questions or feedback?

If you have any questions or feedback, please contact me directly at [email protected]. Any feedback is appreciated!

To receive updates from Bytesafe, just follow bytesafedev on Twitter.