Closed getaaron closed 5 years ago
@getaaron do you have a suggestion? It's unclear from the statement if NPM will include the service in their offering ... 🤔
According to their newsletter and Twitter feed, NSP's service is now integrated into NPM and thus audits could be done by using `npm audit` and vulnerabilities are shown for vulnerable packages being installed.
Not sure if that's what GitHub uses too for vulnerability checks.
As for the badge (which brought me here), I have no idea what will replace the defunct NSP badge.
@Y-LyN-10 good question/suggestion. 🤔 As much as it pains me that Node Security Platform has been "rolled into NPM" (meaning there is no longer an NSP Badge), it's a reality we all have to live with.
I really like what @guypod is doing with Snyk. They have assembled a great team of people to build the product; @remy is easily one of the best JS devs in the world! He is a "Mida"! 😮 ⭐️ Snyk is a well-documented/maintained library https://github.com/snyk/snyk
As a side note, Guy's Podcast, "The Secure Developer" is a "must" for all devs! Subscribe if you aren't already: https://www.heavybit.com/library/podcasts/the-secure-developer 🥇
public and private repos,
Select whatever is relevant to you and continue:
public repositories as I always follow the "principle of least privilege":
hapi-auth-jwt2 ...)
Badge Format:
[![Known Vulnerabilities](https://snyk.io/test/github/{username}/{repo}/badge.svg)](https://snyk.io/test/github/{username}/{repo})
[![Known Vulnerabilities](https://snyk.io/test/github/dwyl/hapi-auth-jwt2/badge.svg?targetFile=package.json)](https://snyk.io/test/github/dwyl/hapi-auth-jwt2?targetFile=package.json)
Going to PR this change now.
https://nodesecurity.io/services:
This repo should recommend a replacement for new projects.