According to https://blog.npmjs.org/post/175511531085/the-node-security-platform-service-is-shutting, NSP will be shutting down September 30, 2018.
What we know:
- Node Security Platform will be shutting down on September 30
- NPM AUDIT, the replacement for NSP CHECK, is available in NPM v6.0 and higher
- The current stable Node.js distribution still ships with NPM v5.6
- NPM AUDIT (as of v6.1 - current release) still relies heavily on Node Security Platform
After investigating the NPM AUDIT API, it is safe to assume that:
- Dependency-Check can safely migrate from using the NSP API to the NPM AUDIT API.
- The NPM AUDIT API provides nearly identical information about the advisories discovered from the package submitted.
- Vulnerability identification should continue to work as before
For organizations that rely on stable Node.js distributions, using Dependency-Check for vulnerability identification will be the only alternative.
Related: DependencyTrack/dependency-track#173
According to https://blog.npmjs.org/post/175511531085/the-node-security-platform-service-is-shutting, NSP will be shutting down September 30, 2018.
What we know:
After investigating the NPM AUDIT API, it is safe to assume that:
For organizations that rely on stable Node.js distributions, using Dependency-Check for vulnerability identification will be the only alternative.
Related: DependencyTrack/dependency-track#173