NodeSource evaluates publicly-available packages based on weighted criteria and uses a custom algorithm to compute a “trust score” for each package.
When packages are added or updated they are evaluated against critical, major, and minor criteria, giving your team up-to-date information on the security and reliability of modules.
After creating your NodeSource account:
Install NCM Desktop
Download the NCM Desktop application for your respective development platform (Windows, macOS, or Linux).
Sign In with NodeSource
Sign in to the NCM Desktop application with your NodeSource Account, using direct authentication or GitHub/Google SSO.
Get Back to Work
After successfully authenticating, NCM Desktop will serve as a local proxy for npm installs on your machine – you can also be more explicit and add specific directories as Projects.
Gain insight into exactly what’s coming onto your machine every time you npm install – vulnerability data, license information, code quality metrics, and more.
Inspect every module within your project’s dependency tree on a granular level. Sort by vulnerabilities, compliance, and code quality issues to understand exactly what’s on your machine.
If there’s a module that has a known vulnerability or non-compliant license that you simply must have, you can whitelist it at an org-wide level.
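The two paragraphs above describe inspecting every module in the dependency tree, sorting by vulnerability and license findings, and carving out org-wide whitelist exceptions. The script below is an added example, not NCM Desktop's or NodeSource's own code, showing the same workflow over a constructed npm lockfile: it walks the `packages` map of a lockfileVersion 2/3 file, attaches a constructed advisory feed and a constructed license policy to each module, and reports which modules would block an install once the org-wide whitelist is applied. The package names, versions, licenses, advisory ids (`EXAMPLE-ADV-*`) and the policy shape are all invented for the example; NCM's real trust-score algorithm and data sources are not modelled here.

```javascript
// Added example (not NCM Desktop's own code): walk an npm lockfile's dependency
// tree, attach constructed vulnerability and license data to every module, and
// apply an org-wide whitelist so exceptions are explicit rather than silent.

// Constructed sample lockfile in the npm lockfileVersion 2/3 "packages" shape.
// Package names, versions and licenses are invented for this example.
const SAMPLE_LOCKFILE = {
  name: "example-app",
  lockfileVersion: 3,
  packages: {
    "": { name: "example-app", version: "1.0.0" },
    "node_modules/pkg-a": { version: "2.1.0", license: "MIT" },
    "node_modules/pkg-b": { version: "0.9.5", license: "ISC" },
    "node_modules/pkg-b/node_modules/pkg-c": { version: "1.0.3", license: "MIT" },
    "node_modules/pkg-d": { version: "3.0.0", license: "AGPL-3.0-only" },
    "node_modules/pkg-e": { version: "1.4.2" }, // no license recorded at all
  },
};

// Constructed advisory feed: versions strictly below `fixedIn` are affected.
const SAMPLE_ADVISORIES = [
  { name: "pkg-b", fixedIn: "1.0.0", id: "EXAMPLE-ADV-001" },
  { name: "pkg-c", fixedIn: "1.1.0", id: "EXAMPLE-ADV-002" },
];

// Constructed org policy: licenses the org accepts, plus org-wide whitelist
// entries ("name@version") that stop a finding from blocking the install.
const SAMPLE_POLICY = {
  allowedLicenses: ["MIT", "ISC", "Apache-2.0", "BSD-3-Clause"],
  whitelist: ["pkg-d@3.0.0"],
};

// Compare two dotted numeric versions ("1.2.3"); returns -1, 0 or 1.
// Deliberately minimal: no prerelease tags or range syntax.
function compareVersions(a, b) {
  const pa = a.split(".").map(Number);
  const pb = b.split(".").map(Number);
  for (let i = 0; i < Math.max(pa.length, pb.length); i++) {
    const x = pa[i] || 0;
    const y = pb[i] || 0;
    if (x !== y) return x < y ? -1 : 1;
  }
  return 0;
}

// Derive module name and nesting depth from a lockfile path such as
// "node_modules/pkg-b/node_modules/pkg-c" (name "pkg-c", depth 2).
function parsePackagePath(p) {
  const segments = p.split("node_modules/").filter(Boolean);
  const name = segments[segments.length - 1].replace(/\/$/, "");
  return { name, depth: segments.length };
}

// Produce one finding per installed module, sorted so the items that would
// block an install come first, then vulnerable, then non-compliant, then
// shallowest in the tree.
function auditLockfile(lockfile, advisories, policy) {
  const findings = [];
  for (const [path, entry] of Object.entries(lockfile.packages)) {
    if (path === "") continue; // the root project itself, not a dependency
    const { name, depth } = parsePackagePath(path);
    const version = entry.version;
    const matched = advisories.filter(
      (adv) => adv.name === name && compareVersions(version, adv.fixedIn) < 0
    );
    const license = entry.license || "UNKNOWN";
    const licenseCompliant = policy.allowedLicenses.includes(license);
    const whitelisted = policy.whitelist.includes(`${name}@${version}`);
    findings.push({
      path, name, version, depth, license,
      advisories: matched.map((a) => a.id),
      vulnerable: matched.length > 0,
      licenseCompliant,
      whitelisted,
      // A whitelisted module is still reported; it just no longer blocks.
      blocking: !whitelisted && (matched.length > 0 || !licenseCompliant),
    });
  }
  findings.sort((a, b) =>
    Number(b.blocking) - Number(a.blocking) ||
    Number(b.vulnerable) - Number(a.vulnerable) ||
    Number(a.licenseCompliant) - Number(b.licenseCompliant) ||
    a.depth - b.depth ||
    a.name.localeCompare(b.name)
  );
  return findings;
}

// Roll the findings up into the counts a team dashboard would show.
function summarize(findings) {
  return {
    total: findings.length,
    vulnerable: findings.filter((f) => f.vulnerable).length,
    nonCompliant: findings.filter((f) => !f.licenseCompliant).length,
    whitelisted: findings.filter((f) => f.whitelisted).length,
    blocking: findings.filter((f) => f.blocking).length,
  };
}

const report = auditLockfile(SAMPLE_LOCKFILE, SAMPLE_ADVISORIES, SAMPLE_POLICY);
for (const f of report) {
  const flags = [
    f.vulnerable ? `VULN(${f.advisories.join(",")})` : "",
    f.licenseCompliant ? "" : `LICENSE(${f.license})`,
    f.whitelisted ? "WHITELISTED" : "",
  ].filter(Boolean).join(" ");
  console.log(`${f.blocking ? "BLOCK" : "ok   "} ${f.path}@${f.version} ${flags}`);
}
console.log(summarize(report));
```

Run it with `node audit-lockfile.js`; to point it at a real project, replace `SAMPLE_LOCKFILE` with `JSON.parse(fs.readFileSync("package-lock.json"))` and feed it a real advisory list. The design choice worth noting is that a whitelisted module stays in the report with its finding attached: the org-wide exception removes the block, not the visibility.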
In organizations, you can add multiple team members depending on what plan you’re using. Team members have different levels of access, including organization administrators, whitelist administrators, and normal users.