Introduce NPM Audit to the GitLab NPM Registry

Problem to solve

The GitLab NPM Registry allows Node.js developers to build and publish images to GitLab. However, we do not take full advantage of NPM's capabilities with regard to security and vulnerability scanning.

npm audit is a command that performs a security review of the dependency tree. Audit reports contain information about security vulnerabilities in dependencies and can help fix a vulnerability by providing simple-to-run npm commands and recommendations for further troubleshooting.

Intended users

Further details

Proposal

Add npm audit to the list of supported commands for the NPM Registry and UI so that users can view and remediate any security vulnerabilities as part of their registry.

Permissions and Security

Documentation

Testing

What does success look like, and how can we measure that?

What is the type of buyer?

Links / references

Edited by 🤖 GitLab Bot 🤖