New Third-Party Security and Licensing Tools Available to NPM Enterprise Users

By: Jeff Bertolucci

NPM, Inc. is seeking outside assistance to provide add-on services for JavaScript modules, according to CIO. This week, the company announced the expansion of NPM Enterprise to include third-party security, code analysis and licensing solutions — essentially add-ons that will help manage the auditing of modules offered through NPM’s add-on service.

The introduction of add-ons for NPM Enterprise makes it possible for large companies to integrate third-party security solutions and other developer tools into their enterprise products. It also enables enterprises to use the NPM open-source registry code base behind their firewalls. Companies will be able to share and reuse the code, as well as build private modules that aren’t shared on the public registry.

The Perks of Third-Party Security Add-Ons

The NPM Enterprise expansion is good news for enterprises, which previously had to conduct their own audits of JavaScript modules. By integrating third-party developer tools into Enterprise, companies can easily incorporate small, reusable components from the open-source community into their development workflows.

The expansion also gives third-party developers access to an application programming interface (API) that they can build out for a variety of uses, including:

  • Adding extra user interface components to customers’ private NPM websites.
  • Automating key parts of the software development lifecycle, such as automatically applying a security scan when attempting a first-time package install.
  • Adding hooks to package installation and publishing events.

Enterprises have strict security rules, of course, which have historically prevented them from using software that is missing a license or hasn’t been greenlit by the company’s legal department. Firms may try to manually review the licensing requirements for external code, but as the NPM blog points out, this approach simply doesn’t scale.

NPM Partners Up for Add-Ons

NPM’s three launch partners — Node Security Platform, FOSSA and bitHound — offer add-ons that address some major concerns:

  • FOSSA offers assistance with license compliance.
  • bitHound offers analysis of code quality.
  • Lift Security for the Node Security Platform offers a database of known code vulnerabilities.

While NPM Enterprise is a fee-based service, tools such as bitHound’s add-on will be free at first, according to CIO. Other providers, such as FOSSA, will charge a monthly fee.

The NPM Enterprise announcement is the latest example of how third-party security solutions, partnerships and outsourcing can provide efficient, effective results for IT managers looking to save money without sacrificing progress and security. As a recent IBM report suggests, third-party partnerships can help simplify the IT landscape and make it more cost-effective.



About The Author

Jeff Bertolucci

News Writer

Jeff Bertolucci is a Los Angeles-based journalist specializing in technology, digital media, and education. His work has appeared in Kiplinger's Personal Finance, InformationWeek, PCWorld, Macworld, The Saturday Evening Post, The Los Angeles Times and many other publications.