New Third-Party Security and Licensing Tools Available to NPM Enterprise Users
The introduction of add-ons for NPM Enterprise makes it possible for large companies to integrate third-party security solutions and other developer tools into their enterprise products. It also enables enterprises to use the NPM open-source registry code base behind their firewalls. Companies will be able to share and reuse the code, as well as build private modules that aren’t shared on the public registry.
The Perks of Third-Party Security Add-Ons
The expansion also gives third-party developers access to an application programming interface (API) that they can build on for a variety of uses, including:
- Adding extra user interface components to customers’ private NPM websites.
- Automating key parts of the software development lifecycle, such as running a security scan the first time a package is installed.
- Adding hooks to package installation and publishing events.
Enterprises have strict security rules, of course, which have historically prevented them from using software that is missing a license or hasn’t been greenlit by the company’s legal department. Firms may try to manually review the licensing requirements for external code, but as the NPM blog points out, this approach simply doesn’t scale.
NPM Partners Up for Add-Ons
NPM’s three launch partners — Node Security Platform, FOSSA and bitHound — offer add-ons that address some major concerns:
- FOSSA offers assistance with license compliance.
- bitHound offers analysis of code quality.
- Lift Security for the Node Security Platform offers a database of known code vulnerabilities.
While NPM Enterprise is a fee-based service, tools such as bitHound’s add-on will be free at first, according to CIO. Other providers, such as FOSSA, will charge a monthly fee.
The NPM Enterprise announcement is the latest example of how third-party security solutions, partnerships and outsourcing can provide efficient, effective results for IT managers looking to save money without sacrificing progress and security. As a recent IBM report suggests, third-party partnerships can help simplify the IT landscape and make it more cost-effective.