*San Francisco – March 16, 2017 – *NodeSource, the Node.js company, today announced the release of NodeSource Certified Modules to provide a more secure and reliable way to take advantage of more than 400,000 modules available to users in the Node.js ecosystem.
Node.js powers a massive amount of everyday software, including applications on the web and desktop, the back-end of APIs and embedded software in IoT and robotics. NodeSource provides production-grade tools to ensure everything stays up, online and connected.
As the Node.js ecosystem continues to grow, more organizations are relying on untrusted third-party modules to run mission-critical applications and services. NodeSource Certified Modules addresses this issue with a highly-available registry, with the packages themselves certified through rigorous analysis with NodeSource’s proprietary certification algorithm. A simple, one-time npm (Node Package Manager) configuration change ensures users are using Node modules from a stable, reliable and secure source.
The product was developed so that organizations can quantify and mitigate the risks associated with using third-party Node.js modules. The company provides a framework for governance of Node.js modules that are more dependable.
The product includes a certification process that evaluates each npm package within a registry and calculates a quantitative trust score, allowing organizations to reduce risk exposure and install and utilize with confidence. For each module that NodeSource certifies, ongoing and in real time, monitoring of security vulnerabilities identifies emerging risks. This allows organizations to take advantage of the wide range of modules available within the open source ecosystem, including an added layer of assurance provided by NodeSource.
"Today’s developers have been faced with the significant burden of hundreds of thousands of unreliable packages available on npm. At NodeSource, we’ve created a groundbreaking product that is solving a critical need for Node.js users by eliminating the unknown in open source," said Joe McCann, CEO of NodeSource. “We’ve taken the pain out of choosing Node modules and show our customers, based on our certification process, which modules are safe, secure and reliable and which ones are not.”
What Certified Modules Mean for Open Source and Node.js
Organizations using Node.js to run mission-critical applications in production are now able to reduce risk and still take advantage of the ecosystem benefits. NodeSource enables further Node.js adoption and success within organizations governed by security risk management and compliance needs. Additionally, it meets enterprise needs for Node.js development, adding dependency management to existing runtime capabilities.
*Key Features *
NodeSource evaluates publicly available packages based on security, compliance, quality and other unique tests to determine the trust score for each package
Security vulnerability monitoring is ongoing; as the risk profile of any single package changes, teams can update or swap modules accordingly
Teams can take advantage of the rich ecosystem of third-party modules more securely and efficiently with Node.js while managing their risk
It is no longer necessary to devote resources to manually vetting publicly available modules and for compliance teams to perform laborious compliance checks before pushing code to production
"Our foundation powers open source development for financial services so security is paramount for firms to confidently collaborate in the open," says Gabriele Columbro, Executive Director of Symphony Foundation. “With NodeSource Certified Modules we now provide a scalable way to ensure OSS compliance, allowing our community to be in a ‘safe space’ and to focus on what matters: developing great open source projects."
NodeSource is a technology company dedicated to delivering enterprise-grade solutions in support of a sustainable ecosystem for the open source Node.js project. We aim to drive and expand the Node.js ecosystem by providing best-of-breed solutions that specifically target the needs of businesses deploying Node.js. Customers include NASA, MasterCard, Uber, PayPal, Condé Nast, and other progressive Node.js adopters. NodeSource is a founding member of the Node.js Foundation, a Heavybit member company and backed by RRE Ventures, Crosslink Capital, Resolute VC and our AngelList Open Source Syndicate. For more information, visit nodesource.com and follow @nodesource on Twitter.