Using NCM3 with N|Solid
NodeSource Certified Modules v3 (NCM 3)
Table of Contents
Using NCM 3 with the Console.
The Console has a dedicated section for NodeSource Certified Modules v3.
-
Open the Process Detail View of the process and navigate to the modules tab
-
To see details in the NCM 3 report, just click the magnifying glass icon of the package that you want to review to see NCM details and a dependency tree for the package.
-
Use the AI Report button next to the package title to prompt the N|Solid Copilot to generate a package report and summary.
Learn more about NCM 3 reports.
N|Solid strict mode
The N|Solid strict mode can be used with the prompt nsolid-strict instead of the well known nsolid, the key difference between strict and regular mode is that the strict mode will stop any application with encountered vulnerabilities identified by the NodeSource Certified Modules v3.
Example running vulnerable apps and secure apps respectively:
$ nsolid-strict vulnerable-node-app.js
nsolid STRICT MODE verifying...
Unsecure server running normally :)
nsolid STRICT MODE access denied due to policy violation:
{
"package": "unsecure-pkg",
"version": "1.19.4",
"group": "risk",
"name": "has-install-scripts",
"pass": false,
"severity": "CRITICAL",
"title": "This package version has install scripts: postinstall."
}
$ nsolid vulnerable-node-app.js
Unsecure server running normally :)
$ nsolid-strict secure-node-app.js
nsolid STRICT MODE verifying...
Secure server running normally :)
