Development

NodeSource Introduces Certified Modules to Improve Node.js Security

1 Dec 2016 12:44pm, by

Node.js has evolved since its inception seven years ago to become arguably one of the largest open source ecosystems in the world with no signs of slowing down. It is now growing at a pace to exceed 11 million users, doubling since last year. Today, it is used increasingly in combination with Docker and container orchestration platforms such as Kubernetes as a way to orchestrate complex services that integrate developer platforms and back-end operations.

In this episode of The New Stack Makers podcast, NodeSource founder and CTO Dan Shaw sat down with TNS founder Alex Williams during the Node.js Interactive to talk about some of the latest projects happening at NodeSource, the growth of Node.js over the years, and why Node is growing across the spectrum, from individual users to large corporations.

In the days before Node.js, Shaw said they had to resort to making the best of it with Java and Jetty. Working with WebSockets was often tedious and time-consuming. After finding Node.js, Shaw noted that “I was iterating through the entire development lifecycle with Node in a matter of moments. That really began to illuminate in my mind why Node is the future, and completely transforms how we develop software. You’re able to iterate on the back end and deliver those experiences rapidly.”

Building on the success of its commercial, enterprise-grade Node.js platform NSolid, NodeSource has introduced what it is calling NodeSource Certified Modules, built to help developers and DevOps teams avoid untrusted third-party Javascript every time they run NPM-install. “This is NodeSource’s answer to how you are managing all of that complexity in the vast ecosystem of modules that are available. How do you select quality, trust that modules are secure and that they work with an infrastructure that is going to address the needs of organizations that increasingly have to live at a velocity that can’t stop?” said Shaw.

The decision to create NodeSource Certified Modules came from direct feedback heard from customers, developers, and DevOps teams working with Node.js in production at scale. They wanted to have “the same level of security and compliance that we have in our Java and .NET infrastructure,” Shaw explained.

As the conversation drew to a close, Shaw noted that despite continued community interest for Node.js projects, platforms, and toolkits, one can’t expect any single tool to solve all the problems currently facing Node.js today. Rather than put all their eggs in one basket, Shaw urged developers to remember that, “We’re trying to build software. We’re not trying to boil the ocean to solve all the problems of the Node ecosystem.”

December 12, 2016 // New York City @ Conrad New York

December 12, 2016 // New York City @ Conrad New York

Let’s have some pancakes at Tectonic Summit! Come have a short stack with The New Stack as we discuss how enterprises are scaling containers across their organizations. What are the use cases that are emerging as companies adopt practices for application management?

NodeSource sponsored this story.

A newsletter digest of the week’s most important stories & analyses.