NodeSource Addresses Compliance and Security for Node.js Apps


There’s no doubt that in terms of frameworks for developing applications, Node.js has emerged as a clear favorite among the many derivatives of Javascript. But as IT organizations move to deploy Node.js applications, many of them are encountering roadblocks in the form of compliance issues. No central authority exists that assures an organization that any of the components that make up a Node.js application don’t have some known vulnerability.

Aiming to provide that assurance, NodeSource today announced NodeSource Certified Modules, a registry through which it certifies that various Node.js modules are stable and secure.

NodeSource CEO Joe McCann says that as IT organizations have embraced Node.js on both clients and servers as an alternative to legacy programming languages such as Java, it’s become apparent there needs to be a better mechanism for addressing a range of compliance issues.

McCann notes that there are now over 400,000 modules available across the Node.js ecosystem, which makes it impossible for most IT organizations on their own to keep track of in terms of vulnerabilities.

“We’re adding a layer of trust to Node.js,” says McCann.


Given the popularity of Node.js, it’s apparent that more enterprises than ever are voting with their feet to embrace an open source framework that makes it simpler for them to develop applications that can run anywhere. The challenge they now face is trying to pass a security audit once they decide to move those applications into a production environment.