NodeSource Addresses Compliance and Security for Node.js Apps

    There’s no doubt that in terms of frameworks for developing applications, Node.js has emerged as a clear favorite among the many derivatives of Javascript. But as IT organizations move to deploy Node.js applications, many of them are encountering roadblocks in the form of compliance issues. No central authority exists that assures an organization that any of the components that make up a Node.js application don’t have some known vulnerability.

    Aiming to provide that assurance, NodeSource today announced NodeSource Certified Modules, a registry through which it certifies that various Node.js modules are stable and secure.

    NodeSource CEO Joe McCann says that as IT organizations have embraced Node.js on both clients and servers as an alternative to legacy programming languages such as Java, it’s become apparent there needs to be a better mechanism for addressing a range of compliance issues.

    McCann notes that there are now over 400,000 modules available across the Node.js ecosystem, which makes it impossible for most IT organizations on their own to keep track of in terms of vulnerabilities.

    “We’re adding a layer of trust to Node.js,” says McCann.


    Given the popularity of Node.js, it’s apparent that more enterprises than ever are voting with their feet to embrace an open source framework that makes it simpler for them to develop applications that can run anywhere. The challenge they now face is trying to pass a security audit once they decide to move those applications into a production environment.

    Mike Vizard
    Mike Vizard
    Michael Vizard is a seasoned IT journalist, with nearly 30 years of experience writing and editing about enterprise IT issues. He is a contributor to publications including Programmableweb, IT Business Edge, CIOinsight and UBM Tech. He formerly was editorial director for Ziff-Davis Enterprise, where he launched the company’s custom content division, and has also served as editor in chief for CRN and InfoWorld. He also has held editorial positions at PC Week, Computerworld and Digital Review.

    Get the Free Newsletter!

    Subscribe to Daily Tech Insider for top news, trends, and analysis.

    Latest Articles