Using NCM2 with N|Solid
NodeSource Certified Modules v2 (NCM 2)
Table of Contents
Using NCM 2 with the Console.
The Console has a dedicated section for NodeSource Certified Modules v2.
-
Open the Process Detail View of the process.
-
Click the modules tab and look at the NCM column.
-
To see details in the NCM 2 report, just click the magnifying glass icon of the package that you want to review to see NCM details.
Learn more about NCM 2 reports.
N|Solid strict mode
The N|Solid strict mode can be used with the prompt nsolid-strict instead of the well known nsolid, the key difference between strict and regular mode is that the strict mode will stop any application with encountered vulnerabilities identified by the NodeSource Certified Modules v2.
Example running vulnerable apps and secure apps respectively:
$ nsolid-strict vulnerable-node-app.js
nsolid STRICT MODE verifying...
Unsecure server running normally :)
nsolid STRICT MODE access denied due to policy violation:
{
"package": "unsecure-pkg",
"version": "1.19.4",
"group": "risk",
"name": "has-install-scripts",
"pass": false,
"severity": "CRITICAL",
"title": "This package version has install scripts: postinstall."
}
$ nsolid vulnerable-node-app.js
Unsecure server running normally :)
$ nsolid-strict secure-node-app.js
nsolid STRICT MODE verifying...
Secure server running normally :)