Skip to main content
Version: 6.1.0

Using NCM2 with N|Solid

NodeSource Certified Modules v2 (NCM 2)

Table of Contents

Using NCM 2 with the Console.

The Console has a dedicated section for NodeSource Certified Modules v2.

  1. Open the Process Detail View of the process.

    Process Detail

  2. Click the modules tab and look at the NCM column.

    Console modules tab

  3. To see details in the NCM 2 report, just click the magnifying glass icon of the package that you want to review to see NCM details.

    NCM detailed report

Learn more about NCM 2 reports.

N|Solid strict mode

The N|Solid strict mode can be used with the prompt nsolid-strict instead of the well known nsolid, the key difference between strict and regular mode is that the strict mode will stop any application with encountered vulnerabilities identified by the NodeSource Certified Modules v2.

Example running vulnerable apps and secure apps respectively:

$ nsolid-strict vulnerable-node-app.js
nsolid STRICT MODE verifying...
Unsecure server running normally :)
nsolid STRICT MODE access denied due to policy violation:
{
"package": "unsecure-pkg",
"version": "1.19.4",
"group": "risk",
"name": "has-install-scripts",
"pass": false,
"severity": "CRITICAL",
"title": "This package version has install scripts: postinstall."
}

$ nsolid vulnerable-node-app.js
Unsecure server running normally :)
$ nsolid-strict secure-node-app.js
nsolid STRICT MODE verifying...
Secure server running normally :)