The NodeSource Blog

Announcing N|Solid Version 4.1.0 - NCM in N|Solid Console and NCM Strict Mode

We are excited to announce NSolid 4.1.0, which introduces NodeSource Certified Modules NCM in NSolid console and NCM Strict Mode.

NodeSource Certified Modules provides you and your teams with actionable insights into the risk levels that are present in your use of third-party packages. Using a series of tests, we score packages on npm to look for a number of weighted criteria. With the NCM you can scan your projects, for existing security vulnerabilities, license concerns, code risk and code quality. This helps you understand the level of risk exposure and how to mitigate it.

There are 4 criteria or rules run against a package:

  1. Security
  2. Compliance
  3. Module Risk
  4. Code Quality

What’s new

If you have used NCM 2, you will find this new feature very familiar. In the past, it could only be used as a CLI dependency to be downloaded via npm. Now you can also use it as a feature inside the NSolid Console.

The conditions and weighted criteria for module certification has not changed.

Now when we go to the console and see the modules in my project, there is a new NCM column as we can see in the image below.

1

In the ncm column we can see 4 lines which indicate the level of risk of each module. 4 lines are critical risk level, 3 means high, 2 medium and 1 means the level of risk is low.

image2

The modules with higher risk will be prioritized, the column is sorted from highest to lowest risk.

If we click on the module we can see the module's details that includes the score according to the 4 weighted criteria.

28

Each criteria has specific points with a score; green means good, orange high and red critical.

In the image below we can see that the score for Code Quality is 2, given that it has one package with a high score, one medium and the other 3 are fine.

We can also see the summary of the module. In general, it has high risk, 0 security vulnerabilities found and no compliance issues, but 1 module risk score, and 2 for code quality.

5

If we go back to the NCM column we can see that some of the modules have a Noncompliant sign as we can see in the image below.

5

This means that it doesn’t have a valid licence, it doesn’t exist or it has an error.

Strict Mode

The strict mode is not in the NSolid console but in the CLI NSolid runtime.

Some users prefer the runtime over the console. Strict Mode allows the user to access the same functionalities as the console on the CLI, the main difference is that in the runtime you cannot run any process or application that doesn’t pass the score: if the module has risk, no licences or if the score is not good, the runtime won’t let you run any processes.

Use the command nsolid-strict and you will see:

6

It will show us an error saying that it is trying to run the process with NSolid but is not allowed because it has a vulnerability or it didn’t pass the certification.

If we fix that process and the certification passes, we will see this:

7

The strict mode goes through each of the modules that are installed in the package and verifies that they do not have problems with the dependencies installed. It’s “strict” because it does not let you execute the process until the modules are fixed.

Supported Operating Systems - N|Solid Runtime

Please note that The N|Solid Runtime is supported on the following operating systems:

  • macOS
    • macOS 10.11 and newer
  • RPM based 64-bit Linux distributions:
    • Amazon Linux AMI release 2015.09 and newer
    • RHEL7 / CentOS 7 and newer
    • Fedora 30 and newer
  • DEB based 64-bit Linux distributions:
    • Ubuntu 14.04 and newer
    • Debian 8 (jessie) and newer
  • Alpine
    • Alpine 3.3 and newer

Supported Operating Systems & Requirements - N|Solid Console

The N|Solid Console is supported on the following operating systems:

  • macOS 10.11 and newer
  • RPM based 64-bit Linux distributions:
    • Amazon Linux AMI release 2015.09 and newer
    • RHEL6 / CentOS 6 and newer
    • Fedora 27 and newer
  • DEB based 64-bit Linux distributions:
    • Ubuntu 14.04 and newer
    • Debian 8 (jessie) and newer
  • Alpine
    • Alpine 3.3 and newer
  • Amazon Linux
    • Amazon Linux AMI release 2015.09 and newer

The NodeSource platform offers a high-definition view of the performance, security and behavior of Node.js applications and functions.

Start for Free