NodeSource is curating JavaScript packages for security, dependencies
NodeSource’s Certified Modules service, intended to ensure the safety of NPM modules, becomes generally available on Thursday.
Previously available only in a private beta stage, the service for Node.js was developed to address concerns over issues like security, licensing, and dependencies among the JavaScript modules. Dependencies became a major sticking point last year when removal of one package from the public NPM registry resulted in others failing.
The company is curating all NPM packages in the registry, including different versions of these packages, and will let users know which are OK to use. Users can whitelist modules that do not meet certification criteria, such as not having a permissive license requirements.
