requireSafe joins Code Climate
requireSafe (available in beta) audits your Node.js modules using a seasoned auditing team and alerts you to vulnerabilities when Node Security Project advisories are created or updated. Of interest specifically is the use of the CLI tool to help identify known vulnerabilities in your own projects.
To make this available to as many developers as possible, we’re releasing requireSafe as an open source “Engine” for the Code Climate platform. This means requireSafe can be used in the cloud as part of Code Climate’s hosted analysis, or on your command line with their open source CLI. This is great news for anyone writing Node.js, regardless of the size or type of your project.
For small teams, running requireSafe on Code Climate provides access to the community’s best security expertise at SaaS prices, while larger organizations benefit from automating company-wide standards enforcement and dependency checking.
Open source maintainers struggling to integrate security tools into their processes will enjoy having dependencies cross referenced against the requireSafe database alongside Code Climate’s built-in support for streamlining contribution management. Plus, ^Lift and Code Climate are both big fans of OSS, so open source projects will always have free access to requireSafe on Code Climate!
For more information on how to get started, see Code Climate’s Changelog.
We’re very excited to get a great tool like requireSafe out to an even greater community. Here’s to a future of shipping excellent, quality code and software together.