Resources Blog New JavaScript intelligence now available in the Nexus ...

New JavaScript intelligence now available in the Nexus Platform

Today we released a new version of our JavaScript intelligence, making it easier for developers to analyze and remediate vulnerabilities and license issues. While we have supported Java Script for some time now, this new release comes at an important time as over 6 billion JavaScript packages are downloaded from npm each week. The exponential growth in open source usage proves that now more than ever, DevOps teams need precise and actionable insight into the quality of the components they are using.

Expanded Coverage and Reduction in False Negatives

The new intelligence uses our patented identification approach to expose hidden JavaScript vulnerabilities not found in other solutions. For example, jQuery, one of the most popular JavaScript libraries, has been embedded, modified, and renamed in more than 72,000 npm packages.  Most solutions cannot identify a modified jQuery component due to the unstructured nature of the JavaScript ecosystem, but with our approach, developers can easily see if they are using an unsafe version.

We also expanded our intelligence coverage to include JS components found within other ecosystems like Java, Ruby, and PyPI. Our customers can now quickly and reliably identify an even larger set of JS components, eliminating false negatives that could expose them to potential risk.

Simplified User Experience

We also simplified the way users view JS components that violate open source policies within Nexus Lifecycle, making it easier for developers to find and fix problems found within their applications.

For example, Nexus Lifecycle used to identify 5,030 JS components that were in violation of policy in the Juice-shop-7 project and included multiple file names for each component -- making it difficult for users to understand why a component was listed many times.

JS blog image 1

With the new release, Nexus Lifecycle identifies only 1082 components, removing the filename column and including only the component name at the modular level.

JS blog 2
The additional files linked to the components can still be seen in the Occurrences tab.

JS blog 3

Take a look at the new user experience in this video from Ilkka Turunen, Solutions Consultant, and learn how the new improvements may affect your existing installations.




We look forward to hearing what you think of the new improvements and welcome any feedback at

Picture of Michelle Dufty

Written by Michelle Dufty

Michelle Dufty is the Senior Director of Product Marketing at Sonatype where she brings solutions to market that unite development, security, and operations teams to accelerate software innovation while minimizing open source risk.