Replace the Node Security Platform before its shutdown on 9/30
From: https://blog.npmjs.org/post/175511531085/the-node-security-platform-service-is-shutting
The Node Security Platform service will stop working on September 28, 2018.
As Node Security Platform is one the sources for ~"dependency scanning", we need to find a solution by that date. This issue is to drive this migration and evaluate our options.
Npm is now providing built-in security, so maybe we can just have a wrapper around npm audit
:
a new command in npm@6,
npm audit
, will soon allow you to recursively analyze your dependency trees to identify specifically what’s insecure — so you can swap in a new version or find a safer alternate dependency.
/cc @bikebilly
Edited by Fabio Busatto