FOSSA Partners with npm to Discover JavaScript License Dependencies

Mike Vizard

Thanks to the proliferation of open source code, there are more options than ever for developing applications. Keeping track of the potential licensing issues associated with all the dependencies that exist in that software is a whole other matter.

To address that issue, FOSSA, a provider of tools that scan for those dependencies, announced today that its tools can now be integrated with npm Enterprise from npm, Inc., a private instance of the npm directory that makes it easier to share software modules written in JavaScript within a corporate environment.

Over four billion JavaScript artifacts have been downloaded via the public npm directory. The enterprise edition of npm gives enterprise IT organizations the ability to set up their own private directory. With the tools from FOSSA integrated, Benjamin Coe, head of product for npm, Inc., says it is now simpler for developers to discover licensing and compliance issues before they incorporate either open source or commercial software into a larger project. That approach, says Coe, eliminates the cost of having to replace a software component when someone from the compliance office discovers the issue just before the application is scheduled to go into production. The alliance with FOSSA is one of several through which npm is extending the reach and scope of npm Enterprise via a published application programming interface.


Software licenses are often the bane of application development in the enterprise. Developers tend to get excited about one module or another without checking which rights the organization actually has to the software. In far too many cases there are not only financial implications; any and all modifications made to that software can become the property of an open source project or of the commercial entity that created the original module.

With the rise of open source and repositories such as npm and GitHub, the way applications are constructed, deployed and managed has been utterly transformed. But for all the productivity those tools have helped advance, the fact remains that navigating licensing terms and conditions is a dark art. Understanding the implications of those terms and conditions before any additional code is written can easily be the difference between creating the next big thing in the enterprise and a legal quagmire that everyone involved comes to deeply regret.


