FOSSA Partners with npm to Discover JavaScript License Dependencies


    Thanks to the proliferation of open source code, there are more options than ever for developing applications. Keeping track of the potential licensing issues associated with all the dependencies that exist in that software is a whole other matter.

    To address that issue, FOSSA, a provider of tools that scan for those dependencies, announced today that its tools can now be integrated with npm Enterprise from npm, Inc., an instance of the directory that is used to make it easier to share software modules written in JavaScript within a corporate environment.

    Over four billion JavaScript artifacts have been downloaded via the public npm directory. The enterprise edition of npm gives enterprise IT organizations the ability to set up their own private directory. By integrating the tools from FOSSA, Benjamin Coe, head of product for npm, Inc., says it’s now simpler for developers to discover licensing and compliance issues before they implement either open source or commercial software within the scope of a larger project. That approach, says Coe, eliminates the costs of having to replace a software component when someone from the compliance office discovers the issue just before the application is scheduled to go into production. The alliance with FOSSA is one of several through which npm is extending the reach and scope of npm Enterprise via a published application programming interface.


    Software licenses are often the bane of application development in the enterprise. Developers tend to get excited about one module or another without checking on which actual rights the organization might have to the software. In far too many cases, there are not only financial implications, but any and all modifications made to that software can become the property of an open source project or the commercial entity that created the original module.

    With the rise of open source and repositories such as npm and GitHub, the way applications are constructed, deployed and managed has been utterly transformed. But for all the productivity those tools have helped advance, the fact remains that navigating licensing terms and conditions is a dark art. Understanding the implications of those terms and conditions before any additional code is written can easily be the difference between creating the next big thing in the enterprise and a legal quagmire that everyone involved comes to deeply regret.



    Mike Vizard
    Michael Vizard is a seasoned IT journalist, with nearly 30 years of experience writing and editing about enterprise IT issues. He is a contributor to publications including Programmableweb, IT Business Edge, CIOinsight and UBM Tech. He formerly was editorial director for Ziff-Davis Enterprise, where he launched the company’s custom content division, and has also served as editor in chief for CRN and InfoWorld. He also has held editorial positions at PC Week, Computerworld and Digital Review.
