NodeSource October 2018 Update

The NodeSource Blog

You have reached the beginning of time!

NodeSource October 2018 Update

Today we're excited to share a suite of changes to all of our products and platforms –NCM, NodeSource Accounts, and N|Solid.

This release is an evolution of our releases in August, expanding the functionality of NCM Desktop, introducing the entirely new ncm-ci, shipping a suite of enhancements to NodeSource Accounts, and integrating NodeSource Accounts into N|Solid itself!

Let's dig in to what we've shipped:

NodeSource Certified Modules:

We’re excited to share that we’ve shipped NCM Desktop Beta 3, which includes the following enhancements:

NCM Desktop Beta 3 Updates:

This release introduces a file watcher architecture, replacing the previous proxy-based architecture. We’ve been working on this since the original release, as we realized that and unintended side-effect of a proxy-based architecture was that generated package-lock.json and yarn.lock files included the local proxy URL as the source of modules. In contexts like open source or inner source, this doesn’t scale particularly well, as it would require all users to have NCM Desktop installed and running.

  • Updated projects view
    • We now directly surface vulnerable modules and compliance issues in the projects list and inside of each projects view.
  • You can now see how a module was introduced into your project via the new "Required By" section on a module’s details page and by hovering the tree icon in the module list, reducing the time to triage vulnerabilities and noncompliance issues.
  • We now surface low, medium, high, and critical vulnerability data. Yay for understanding severity!
  • Added and Removed Indicators, showing historical information about which modules are new and which ones you’ve gotten rid of, historically.

Introducing ncm-ci

We’re excited to share ncm-ci for Organizations, a CLI tool to consume NCM data in your CI/CD pipelines, exiting with a non-zero exit code if your application has vulnerable or noncompliant modules. The CLI utilizes Service Tokens, an entirely new feature which we’ve introduced in an update to NodeSource Accounts (see below!)

The ncm-ci tool can be used either as a global module or via npx, depending on how you prefer to use it in your CI/CD pipelines.

Usage globally:

npm install -g @nodesource/ncm-ci
export NCM_TOKEN=<your token>

Usage with npx:

export NCM_TOKEN=<your token>
npx @nodesource/ncm-ci

It’s worth noting that ncm-ci is intended to be a utility for CI/CD, not to be a fully featured NCM CLI utility – that’s coming later 😉

NodeSource Accounts:

With this release, we’ve introduced Service Tokens into NodeSource Accounts. Service Tokens are able to be created by individuals with the Admin role and currently enable machine access to a few different things:

  • Read the organization whitelist
  • Write the organization whitelist
  • Read Certification data

This initial pass at Service Tokens is focused on enabling ncm-ci. We will be continuing to work on Service Tokens in the long run – if you have specific ideas or thoughts on how they can be used or what new permissions should be included, we’d love to hear from you!

N|Solid 3.4.0:

With the release of N|Solid 3.4.0, we’ve integrated NodeSource Accounts directly into the Console and have added several minor features to improve the overall experience with the N|Solid Console.

On first-use, N|Solid will now be able to be configured to be "owned" by an organization or user – automatically configuring that organization or user’s N|Solid license key from their NodeSource Account.

By integrating NodeSource Accounts directly into the N|Solid Console, we’ve also enabled sign-in to the console – a long-requested feature!

Organizations can now require users to be an organization member to view the console, meaning you now have more precise control over who can access and operate the N|Solid Console. In previous N|Solid versions, access to the console was managed at the network availability level.

Additionally, there’s the added benefit of not needing to deal with license keys directly. Your personal and organizational license keys will always be available to you, but you need not copy/paste them directly into the console anymore – signing in and connecting a console to an organization or personal account will automatically use the appropriate license key.

On top of adding accounts, we’ve shipped a suite of small enhancements to the Console to make your life that much easier. Here’s a quick list:

  • Notifications for fatal exceptions properly handled with unhandledException (this is 100% what you should be doing!) will now also feed into Slack and Webhook exit hook notification with a stack trace
    • Existing behavior: If you do not catch the error and the process exits, it's reported naturally
    • New behavior: If you do catch the error using undefined and exit synchronously it is automatically included in the exit hook
    • New behavior: If you catch the error using undefined and exit asynchronously by performing application shutdown, it cannot be automatically reported because we can't tell that you intend to shut down. However, you can call undefined in your UE handler and then it will be reported
  • If you currently have no connected processes, we now surface the environment variable needed to connect an N|Solid Runtime to the N|Solid Console directly in the Console, until a process is connected.
  • Linux versions of N|Solid will now display instructions and a link to open the N|Solid Console in the apt-get install process.


If you're interested in what we've shipped today, be sure to check everything out with your NodeSource Account – where you can download N|Solid, NCM, and everything else we offer. If you have any questions or feedback, feel free to reach out to the team or our official channels (we're @NodeSource everywhere!)

We're looking forward to continued development for N|Solid, NCM, and NodeSource Accounts... and have some other work we're really excited to share soon. Be sure to stay tuned!

The NodeSource platform offers a high-definition view of the performance, security and behavior of Node.js applications and functions.

Start for Free