When Microsoft, through its GitHub subsidiary, acquired npm, the company behind the JavaScript Node package manager of the same name, with its over 1.3 million packages and 75 billion downloads, I’d hoped that some of npm’s notoriously unstable releases would finally be fixed. I hoped in vain. For instance, the recent mess with the npm libraries ‘colors.js’ and ‘faker.js’ showed that we haven’t improved much since 2016’s infamous ‘left-pad’ episode. In all three cases, tens of thousands of npm programs went up in smoke.
So it is a good thing that JFrog, a company that applies DevOps principles to securing the software supply chain, has released three new open-source programs to detect and block the installation of malicious npm packages.
JFrog Helps Clean up Bad npm JavaScript with 3 New Tools.