DEV Community

Cover image for Security and open source licenses in focus when using npm packages in Bytesafe
Daniel Parmenvik
Daniel Parmenvik

Posted on • Edited on • Originally published at bytesafe.dev

Security and open source licenses in focus when using npm packages in Bytesafe

Given the fact that on average a project has around 200 or more dependencies it can be a challenge to manage npm packages securely.

Without the proper tooling to manage package dependencies, control over what packages you actually depend on can quickly spin out of control. That’s why we offer Bytesafe private registries to control and secure your supply chain.

By adding your dependencies to Bytesafe’s fully managed registries you gain a single source of truth for your projects and whole organization. A place to know, discover and continuously monitor the dependencies you are using.

Bytesafe gives you relevant metrics for your registries and highlights any issues that need your attention. Quickly identify what needs to be fixed and remedy it accordingly! After all, your code is your business!

Continue reading to see how Bytesafe can improve your workflow.


Bytesafe Dashboards

Know your dependencies and trust your code

Dashboards make it easy for you to see the security and license issues that need your attention. Security is a team effort and Bytesafe lets your DevOps team shift left to find and fix issues easily while sharing a common view of the found issues.

Simplicity is important and the dashboards make it easier for you and your teams to understand both risks and changes to your package dependencies, regardless if you are a developer, security, QA or from the business side.

Having all packages in a central hub allows you to have a common view and to stay in control over what happens with your package supply chain.


Protect your whole organization from malicious packages

Bytesafe plugins

If all developers fetch packages directly from the public npm registry, then there is very little control and security responsibility is on each individual developer to find and remediate potential threats. Remember that new vulnerabilities can be found in the future and someone needs to keep track. Of course this is not a sustainable solution if you want to protect your organization from unnecessary headaches.

That’s why Bytesafe allows you to block malicious packages and be notified when new vulnerabilities are discovered. Packages are automatically and continuously monitored for vulnerabilities and license issues so that you can focus on other things. Also, there’s a bunch of other plugins to allow you to configure your own dependency firewall!


Quickly find what packages are problematic

Quickly find packages causing issues

Click on the issue severity in a dashboard and you’ll see what packages are causing issues. Issues are divided into security or license issues. And to get more information about a specific vulnerability, simply click on it. Keep your software supply chain secure before it’s too late.


Be sure not to breach any open source licenses

Stay on top of open source licenses

Staying on top of your open source licenses is important to avoid loss of reputation or potential legal costs. Bytesafe helps you identify open source licenses in all files and not just what exists in the package.json file. See a breakdown of licenses you use, identify potential license issues and see the source of a license for a specific package, all from Bytesafe.


Want to learn more?

10 npm best practices

Learn why to use private registries, why using curated registries is a good practise, what you can do to stay in control of your package workflows and more.


Get started with Bytesafe in less than a minute

Simple steps on how to create your own Bytesafe workspace for free and benefit from all features Bytesafe provides to secure your software supply chain.


Any questions or feedback?

If you have any questions or feedback, please contact me directly at daniel@bytesafe.dev. Any feedback is appreciated!

To receive updates from Bytesafe, just follow bytesafedev on Twitter.

Follow Bytesafe on Twitter Bytesafe - A better way to control your software supply chain | Product Hunt

Top comments (0)