Version: 6.5.0

Node Certified Modules

The N|Solid in the IDE Node Certified Modules view helps you evaluate npm packages without leaving the editor. It combines package intelligence from NCM with guided AI workflows so you can inspect package quality, review vulnerability data, audit dependency trees, and decide whether to upgrade or replace a package.

In practice, NCM support appears in two main ways:

  • The NCM Actions window gives you guided actions for common dependency and security tasks.
  • Inline hovers, diagnostics, and code lenses surface NCM data directly in package.json, lockfiles, and source imports.

NCM Actions Window

The NCM Actions window is organized into sections that group related workflows.

Security

These options are designed for workspace-wide dependency review and remediation planning.

  • Run Security Audit -- Scans workspace dependencies for known vulnerabilities. Use this when you want a direct audit pass across your current project.
  • Chat Security Audit -- Starts an interactive audit workflow in chat. Use this when you want N|Solid in the IDE to go beyond listing issues and generate remediation guidance.
  • Lockfile Analysis -- Focuses on the full transitive dependency tree in the lockfile. Use this when direct dependencies look fine, but you need to inspect deeper package chains, inherited risk, or policy violations coming from nested dependencies.
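To make the idea of inherited risk from nested dependencies concrete, the following added example (not N|Solid or NCM code) walks a constructed npm package-lock.json (lockfileVersion 3) and lists every dependency chain that pulls in a given package. The package names, versions, and the helper names `resolve` and `findChains` are assumptions made for illustration.

```javascript
// Constructed package-lock.json (lockfileVersion 3); every package name is made up.
const lock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", dependencies: { "web-fw": "^2.0.0", "log-lib": "^1.0.0" } },
    "node_modules/web-fw": { version: "2.1.0", dependencies: { "body-parse": "^1.0.0", "tiny-qs": "^1.0.0" } },
    "node_modules/body-parse": { version: "1.4.0", dependencies: { "tiny-qs": "^0.9.0" } },
    "node_modules/body-parse/node_modules/tiny-qs": { version: "0.9.2" },
    "node_modules/tiny-qs": { version: "1.3.0" },
    "node_modules/log-lib": { version: "1.0.5" },
  },
};

// Resolve `name` as required by the package installed at `fromPath`,
// walking up nested node_modules folders the way Node's resolver does.
function resolve(packages, fromPath, name) {
  let base = fromPath;
  for (;;) {
    const candidate = (base ? base + "/" : "") + "node_modules/" + name;
    if (packages[candidate]) return candidate;
    if (!base) return null; // not installed, e.g. a skipped optional dependency
    const cut = base.lastIndexOf("/node_modules/");
    base = cut === -1 ? "" : base.slice(0, cut);
  }
}

// Return every chain from a direct dependency of the root down to an installed
// copy of `target`. peerDependencies are ignored to keep the example short.
function findChains(lock, target) {
  const pkgs = lock.packages, chains = [];
  const walk = (path, trail, seen) => {
    const entry = pkgs[path];
    const deps = { ...entry.dependencies, ...entry.optionalDependencies,
                   ...(path === "" ? entry.devDependencies : {}) };
    for (const dep of Object.keys(deps)) {
      const next = resolve(pkgs, path, dep);
      if (!next || seen.has(next)) continue; // missing package or dependency cycle
      const step = [...trail, `${dep}@${pkgs[next].version}`];
      if (dep === target) chains.push(step);
      walk(next, step, new Set(seen).add(next));
    }
  };
  walk("", [], new Set());
  return chains;
}

console.log(findChains(lock, "tiny-qs").map((c) => c.join(" > ")));
```

The root project never declares `tiny-qs`, yet two different versions are installed; the nested older copy is reachable only through `body-parse`, so an audit that reads only package.json would not see it.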


Packages

These options are best when you already know which package you want to investigate.

  • Upgrade Package -- Opens a guided package upgrade workflow. Use this when a package is outdated or vulnerable and you want version-aware upgrade advice before making changes.
  • Find Replacement -- Suggests alternatives for a package. Use this when a dependency is deprecated, risky, or no longer a good fit for the project.
  • Check Package -- Reviews the security and quality of a specific package. Use this for a quick package assessment before adopting it or when triaging a dependency that looks suspicious.


Node.js

  • Node.js Upgrade Guide -- Opens guidance for upgrading your Node.js runtime. Use this when package remediation depends on moving to a newer supported Node.js version.


Inline NCM Features

The NCM window is only one entry point. N|Solid in the IDE also surfaces NCM results directly where package decisions happen:

  • package.json hovers show package details such as vulnerability severity, license status, module risks, code quality signals, deprecation notices, latest version information, and quick actions.
  • Import hovers bring similar package intelligence into JavaScript and TypeScript source files when you hover imported packages.
  • Lockfile hovers help inspect resolved dependency versions and transitive packages in package-lock.json, yarn.lock, and pnpm-lock.yaml.
  • Code lenses on imports provide a quick "Check vulnerabilities" action for packages used in source files.
  • Diagnostics add inline warnings and informational markers for vulnerabilities, outdated packages, deprecations, license concerns, and module risks.


How NCM MCP Is Used

N|Solid in the IDE uses NCM MCP as the package intelligence backend behind these workflows. In the extension, NCM MCP is used to fetch package data for direct and transitive dependencies and then feed that data into hovers, diagnostics, code lenses, audits, and chat-driven actions.

NCM MCP powers checks such as:

  • Known vulnerability lookups
  • Latest available version data
  • License policy status
  • Module risk signals
  • Code quality indicators
  • Package metadata used in upgrade and replacement guidance

In practical terms, this means the NCM Actions window and inline dependency features are not isolated tools. They are different ways of using the same NCM-backed package context depending on whether you want a guided workflow, a quick package check, or a full dependency audit.

N|Solid in the IDE also uses NCM-backed chat workflows for deeper analysis. The main NCM-related skills and commands are:

  • /audit -- Audits workspace dependencies and produces remediation guidance using NCM MCP.
  • /upgrade <package> -- Builds upgrade guidance for a specific package using NCM package and version analysis.
  • /replace <package> -- Suggests safer or more maintainable replacement packages using NCM quality and risk context.
  • General NCM package prompts -- Prompts such as "Using NCM MCP, tell me about the security and quality of package-name" support ad hoc package review outside the fixed slash commands.

Reports

Many NCM-driven actions generate reports or analysis output that can be reviewed later in the Reports window. If you want to revisit audit findings, compare prior analyses, or review saved AI-generated guidance, continue to the Reports documentation.
