Enterprise NPM users to get help with security, licensing
Under an expansion of NPM Enterprise to be detailed today, NPM Inc. will partner with third parties to take care of auditing of modules via its NPM Enterprise add-ons service. The current NPM Enterprise product takes the NPM open source registry code base and allows large companies to use it behind their firewall, sharing and reusing code and building private modules not shared on the public registry. Until now, users have had to conduct their own audit processes of modules.
Initial partners include Fossa, which will offer license compliance assistance; bitHound, for code quality analysis; and Lift Security for the Node Security Platform, providing a database of known vulnerabilities in code. The partnerships let experts in capabilities like security and license compliance annotate what NPM Inc. has been doing and eliminate the manual, tedious processes for companies so developers can pick the best open source modules, said Benjamin Coe, general manager for NPM Enterprise product at NPM Inc.
While NPM Enterprise is a fee-based service, some add-on services will be free of charge, such as bitHound's services, at least at first, Coe said. Others, including Fossa, would charge a monthly fee. "It's basically up to the third party," he said. "We're just opening up our platform where anyone can write something on top of it."
More partners will be sought to cover additional capabilities. One possibility is analytics, providing information about the behavior of users of a module.
Add-on services eventually could be added to the public registry, said Coe. The NPM registry, popular for use with the Node.js server-side JavaScript platform, features 300,000 open source modules for capabilities like Web servers and front-end JavaScript frameworks. The online registry is accessed via the NPM package manager.