New in Nexus Repository 3.23: Nexus Intelligence via npm audit

We are excited to announce the official release of Nexus Repository 3.23. In this release, we continue the story of our enhanced JavaScript support with the new Nexus Intelligence via npm audit feature** available to both Nexus Repository OSS and Pro users. Over the past couple months, Sonatype product teams have been hard at work delivering a new proprietary JavaScript scanning algorithm, npm automated pull requests for GitHub, and now Nexus Platform support for the npm audit command.

** Note: Nexus Intelligence via npm audit requires an organization to own a license of Nexus Firewall or Nexus Lifecycle

What is the npm audit command?

Back in 2018, npm released a new client command called “npm audit” to run an audit report of npm packages and dependencies. Running the command retrieves security information from and lists all known vulnerable dependencies in your package.json file. This powerful tool ensures the quality and integrity of an npm developer’s code and continues to be a very popular command in the JavaScript community.

Npm also added an “npm audit fix” command that will upgrade a dependency to the latest version without a violation.

Nexus Intelligence via npm audit

So, what is this new feature from Sonatype? How does Nexus Intelligence improve the npm audit command?

Nexus Intelligence via npm audit allows developers to check for policy violations in their Javascript projects, using the npm audit command built into the npm CLI, coupled with the precise data of Nexus Intelligence. Audit reports show vulnerable components and information, including the: security level, affected package(s), path(s), and dependencies of the component. All of this serves developers the in-depth and high quality data of Nexus Intelligence.

The following are key benefits of using this new feature for Nexus Repository OSS and Pro developers:

*** This is a Security Bloggers Network syndicated blog from Sonatype Blog authored by Brent Kostak. Read the original post at: