NPM
Definition
NPM (Node Package Manager) is a package manager for the JavaScript programming language, primarily used to manage dependencies for Node.js applications. It allows developers to install, update, and manage libraries and tools required for their projects. NPM also provides a registry for publishing and sharing open-source JavaScript packages.
Secure Settings Example
{
  "scripts": {
    "audit:ci": "check-audit"
  },
  "dependencies": {
    "express": "^4.17.1"
  },
  "devDependencies": {
    "npm-audit-resolver": "^2.1.0"
  }
}
This package.json keeps the vulnerability check as an explicit, named script (npm run audit:ci, meant for CI and pre-release gates) rather than a preinstall hook. A preinstall hook runs before devDependencies exist, so a hook such as npx npm-audit-resolver would fetch the tool from the registry at install time, and install-time hooks are exactly the mechanism malicious packages abuse; running the check-audit command that npm-audit-resolver installs from a normal script avoids both problems. Note that audit and package-lock are npm configuration options, not package.json fields: npm ignores them inside package.json, and they belong in .npmrc as audit=true and package-lock=true (both are already npm's defaults). Consistent dependency versions come from committing package-lock.json and installing with npm ci, which fails instead of silently rewriting the lockfile when package.json and the lockfile disagree.
Insecure Settings Example
{
"scripts": {
"preinstall": "echo 'Skipping audit...'"
},
"dependencies": {
"express": "*"
}
}
The echo in preinstall does nothing useful (npm install still prints its audit summary, since audit defaults to true, but nothing fails the build on findings); the real problem is the version specifier. A wildcard "*" resolves to the newest express release on the registry at install time, so two installs can produce different dependency trees, and a compromised or broken release is picked up automatically. Without a committed package-lock.json there is no record of what was actually installed, and any audit result describes only whatever happened to be pulled that day.
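As an added example (not code from the original page), the following Node.js script flags the weak settings discussed in both examples above: floating version ranges, install-time lifecycle hooks, npm config keys misplaced in package.json, a missing lockfile, and an .npmrc that disables audit or the lockfile or points at a plain-HTTP registry. The rules are an assumed house policy rather than anything npm enforces, and the package.json objects and .npmrc texts are constructed inputs.

```javascript
'use strict';
// Added example, not code from the original page: a small policy check for the
// package.json and .npmrc settings discussed above. The rules below are an
// assumed house policy, not npm's own; the sample inputs are constructed.

// Version specifiers that resolve to "whatever is newest at install time":
// "*", "latest", "x", an unbounded ">=..." range, or an empty string.
const FLOATING_RANGE = /^(\*|latest|x|>=?[^<]*|)$/i;

// Scripts npm runs automatically during "npm install"; the classic vector for
// malicious packages, and in a root project a sign that installs execute code.
const LIFECYCLE_HOOKS = ['preinstall', 'install', 'postinstall', 'prepare'];

// npm *config* options. npm reads them from .npmrc, the environment or the CLI,
// so placing them in package.json silently does nothing.
const NPMRC_ONLY_KEYS = ['audit', 'audit-level', 'package-lock', 'ignore-scripts'];

function checkPackageJson(pkg, hasLockfile) {
  const findings = [];
  for (const field of ['dependencies', 'devDependencies', 'optionalDependencies']) {
    for (const [name, range] of Object.entries(pkg[field] || {})) {
      if (FLOATING_RANGE.test(String(range).trim())) {
        findings.push(`${field}.${name}: "${range}" floats to the newest release at install time`);
      }
    }
  }
  for (const hook of LIFECYCLE_HOOKS) {
    if (pkg.scripts && hook in pkg.scripts) {
      findings.push(`scripts.${hook}: runs on every install ("${pkg.scripts[hook]}")`);
    }
  }
  for (const key of NPMRC_ONLY_KEYS) {
    if (key in pkg) findings.push(`"${key}" is an npm config option; it belongs in .npmrc and is ignored in package.json`);
  }
  if (!hasLockfile) findings.push('no package-lock.json: installs are not reproducible');
  if (pkg.private !== true) findings.push('"private" is not true: a stray "npm publish" would push this project to the registry');
  return findings;
}

// Minimal .npmrc reader: one key=value per line, '#' or ';' starts a comment.
function parseNpmrc(text) {
  const config = {};
  for (const raw of text.split('\n')) {
    const line = raw.trim();
    if (!line || line.startsWith('#') || line.startsWith(';')) continue;
    const eq = line.indexOf('=');
    if (eq > 0) config[line.slice(0, eq).trim()] = line.slice(eq + 1).trim();
  }
  return config;
}

function checkNpmrc(text) {
  const config = parseNpmrc(text);
  const findings = [];
  if (config.audit === 'false') findings.push('audit=false: "npm install" reports no known vulnerabilities');
  if (config['package-lock'] === 'false') findings.push('package-lock=false: no lockfile is written or honoured');
  if (config['ignore-scripts'] !== 'true') findings.push('ignore-scripts is not true: install scripts of every dependency run (assumed policy)');
  if (/^http:\/\//i.test(config.registry || '')) findings.push(`registry over plain HTTP: ${config.registry}`);
  return findings;
}

// Constructed inputs: the insecure package.json from the page and a hardened one.
const INSECURE_PKG = { scripts: { preinstall: "echo 'Skipping audit...'" }, dependencies: { express: '*' } };
const SECURE_PKG = {
  private: true,
  scripts: { 'audit:ci': 'check-audit' },
  dependencies: { express: '^4.17.1' },
  devDependencies: { 'npm-audit-resolver': '^2.1.0' },
};
const INSECURE_NPMRC = 'audit=false\npackage-lock=false\nregistry=http://registry.example.internal/\n';
const SECURE_NPMRC = [
  '# constructed example .npmrc',
  'audit=true', 'audit-level=high', 'package-lock=true',
  'ignore-scripts=true', 'registry=https://registry.npmjs.org/',
].join('\n');

function report() {
  console.log('package.json (insecure):', checkPackageJson(INSECURE_PKG, false));
  console.log('package.json (secure):', checkPackageJson(SECURE_PKG, true));
  console.log('.npmrc (insecure):', checkNpmrc(INSECURE_NPMRC));
  console.log('.npmrc (secure):', checkNpmrc(SECURE_NPMRC));
}
report();
```

Two design notes. The lockfile flag is passed in by the caller because the check is meant to run in CI where `fs.existsSync('package-lock.json')` is trivial; what actually enforces the lockfile is installing with npm ci. The ignore-scripts=true rule is deliberately strict: it also suppresses legitimate build steps such as native addon compilation and your own prepare script, so teams that adopt it keep the setting in .npmrc and run the few scripts they really need explicitly after install.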