Sonatype Adds npm & JavaScript Intelligence to Nexus Platform


New capabilities represent the world’s first definitive database and coordinate system capable of precisely identifying JavaScript components and versions

Fulton, MD – October 18, 2016 – Sonatype, the leader in software supply chain automation, today unveiled an updated version of the Nexus platform that provides modern development organizations with unmatched, precise intelligence about npm and JavaScript components so they can continuously deliver higher quality software through DevOps automation and scale.

In direct response to market demand for DevOps-native tooling, Sonatype has delivered the world’s first and only coordinate system that is capable of precisely identifying all JavaScript contained in the npm, Central, and NuGet repositories. This enormous engineering effort was accomplished by mapping 43 million unstructured files and roughly 6 million unique JavaScript components into a single, definitive database that identifies names, versions, vulnerabilities, licenses, and code modifications associated with JavaScript components.

To understand the depth of this achievement, consider the example of jQuery, the most popular JavaScript library, which has been embedded, modified, and renamed in 72,000 npm packages. In years past, due to the unstructured nature of the JavaScript ecosystem, development teams lacked the ability to quickly and reliably identify specific versions of jQuery to even know if an npm package was healthy or vulnerable. However, beginning today, organizations can use the Nexus platform to further automate and scale Continuous Delivery and DevOps practices and ensure that mission-critical software consists of the highest quality JavaScript components.

“Organizations take the first steps toward releasing applications faster when they recognize two things: They cannot continue the way they work today; and with the right practices, faster releases are actually less risky,” wrote analysts Kurt Bittner, Diego Lo Giudice, and Amy DeMartine in the March 2016 Forrester report entitled Boost Application Delivery Speed And Quality With Agile DevOps Practices.  “Evaluating and approving standard components helps organizations streamline their software supply chains, improve quality, and reduce risk and cost.”

“Scaling a modern software supply chain requires deep intelligence that is precise enough to automatically weed out vulnerable, outdated, and defective open source components and packages,” said Wayne Jackson, CEO, Sonatype.  “Our customers operate in a polyglot world and that’s why we’re continuously investing to deliver the world’s best component intelligence not just for Java, but for JavaScript, .NET, RubyGems, PyPI, and other formats as well.”

About Sonatype

With more than 100,000 installations, companies around the globe use Sonatype’s Nexus solutions to manage reusable components and improve the quality, speed and security of their software supply chains. Sonatype is privately held with investments from New Enterprise Associates (NEA), Accel, Hummer Winblad Venture Partners, Morgenthaler Ventures, Bay Partners and Goldman Sachs. For more information, visit:

Media Contact

Jennifer Edgerly
SpeakerBox Communications for Sonatype