
Easily integrate Sonatype Nexus with npm audit to better secure your JavaScript workflow.

npm install is a powerful command: the average developer uses it to download over 90,000 packages a year. Thousands of malicious, previously unknown attacks on the npm registry are being discovered daily, so you need to know which alerts count today and which don’t. npm audit gives developers awareness of problems, but it lacks context and awareness of the project at hand.

Combining the in-depth security research and policy engine that only Sonatype’s Nexus platform has with the npm audit command gives you the JavaScript security you need while keeping your workflow unchanged.


Step 1

Create an npm proxy registry with Nexus Repository to take advantage of the npm registry without incurring repeated downloads or losing unpublished components.


Step 2

Add Nexus Firewall to prevent malicious packages from being downloaded onto your machine. It’s not just about audit alerts — some packages are designed to get you during the package install. In 2021 alone, we’ve found over 12,000 malicious npm packages that were previously unknown.

Get maximum protection with our early warning system that prevents malicious and suspicious npm components from ever entering your environment.


Step 3

Sit back, relax and code more securely with a supercharged npm workflow. That’s it! Configure your npm client to use your new proxy, and you’re done!

Your npm audit runs will now automatically receive Nexus Intelligence in tandem with a Policy rating, telling you which alerts matter and which ones you can suppress.
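The client-side part of Step 3, as an added example that is not Sonatype’s own script: a POSIX sh helper that writes a project-level .npmrc pointing npm at the Nexus proxy registry and checks that the project no longer resolves against the public registry directly. The proxy URL nexus.example.internal/repository/npm-proxy/ is a placeholder; substitute the URL of the proxy repository created in Step 1.

```shell
#!/bin/sh
# Added example: point a project's npm client at a Nexus npm proxy repository.
# NEXUS_NPM_PROXY is a placeholder; replace it with your own Nexus Repository URL.
NEXUS_NPM_PROXY="${NEXUS_NPM_PROXY:-https://nexus.example.internal/repository/npm-proxy/}"

# Write a project-level .npmrc so every npm install / npm audit run from this
# directory goes through the proxy (and Nexus Firewall) instead of registry.npmjs.org.
write_npmrc() {
    dir="$1"
    registry="$2"
    case "$registry" in
        https://*) ;;   # refuse plaintext registries: the proxy should only be reached over TLS
        *) echo "registry must be an https URL: $registry" >&2; return 1 ;;
    esac
    printf 'registry=%s\n' "$registry" > "$dir/.npmrc"
}

# Read back the registry configured in a project's .npmrc (first registry= line wins).
npmrc_registry() {
    sed -n 's/^registry=//p' "$1/.npmrc" | head -n 1
}

# Succeeds only if a registry is configured and it is not the public npm registry.
uses_proxy() {
    r=$(npmrc_registry "$1")
    [ -n "$r" ] && [ "$r" != "https://registry.npmjs.org/" ]
}

# Run with --apply in the project directory to configure the current project.
if [ "${1:-}" = "--apply" ]; then
    write_npmrc "." "$NEXUS_NPM_PROXY" && uses_proxy "." && \
        echo "npm install and npm audit now resolve through $NEXUS_NPM_PROXY"
fi
```

After applying, `npm config get registry` run inside the project should print the proxy URL, and subsequent npm audit runs go through Nexus.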


Nexus Intelligence, which underpins the Nexus platform, is designed to detect supply chain issues as soon as they’re discovered. Powered by AI and an enterprise-sized security research team, Sonatype produces intel that helps you immediately understand the issue and guides you through your options. All of this, without any changes needed to your workflow. With the most precise intelligence on open source security vulnerabilities, license risk, and architectural quality of npm components, you’re able to build better applications faster, and more securely.


Blog: Read more on using the npm audit command line in your Nexus Repository instance.

Not a customer yet? Get in touch and let us show you how a supercharged npm workflow can help you develop better software in 3 easy steps.