Introduce NPM Audit to the GitLab NPM Registry
Problem to solve
The GitLab NPM Registry allows Node.js developers to build and publish images to GitLab. However, we do not take full advantage of NPM's capabilities with regard to security and vulnerability scanning.
npm audit is a command that performs a security review of the dependency tree. Audit reports contain information about security vulnerabilities in dependencies and can help fix a vulnerability by providing simple-to-run npm commands and recommendations for further troubleshooting.
Intended users
Further details
Proposal
Add npm audit to the list of supported commands for the NPM Registry and UI so that users can view and remediate any security vulnerabilities as part of their registry.
Permissions and Security
Documentation
Testing
What does success look like, and how can we measure that?
What is the type of buyer?
Links / references