📄️ Node Certified Modules v2
Overview
📄️ Migration Guide
If you are upgrading from NCM 1, here are the need-to-know steps for migrating to NCM 2.
📄️ NodeSource Risk Score
NodeSource Certified Modules 2 (NCM 2) calculates a risk score for every third-party package on npm. Each module is assessed for security vulnerabilities, license concerns, and a series of package risk and quality attributes.
📄️ Compliance
The Compliance group is for special criteria which have elevated legal and/or security implications.
📄️ Risk
The Risk group is for criteria intended to indicate whether a package's usage or installation may be abnormally risky for reasons that go beyond security alone.
📄️ Quality
The Quality group is for criteria which are intended to indicate whether a package conforms to good open-source practices.
📄️ Getting Started
ncm-cli is a command-line tool for NodeSource Certified Modules 2.0, designed to make code quality, security, and compliance a breeze. It lets you generate a custom project report, fetch compliance and security information, manage organizational whitelists, and inspect specific packages in greater detail, all from the command line.
📄️ Reports
ncm report
📄️ Whitelisting Packages
ncm whitelist
📄️ Switching Orgs & Config
ncm orgs \