Tech Newz

Node.js 9.x.x and npm 6.x.x – “npm audit” to identify and fix security vulnerabilities in dependencies

June 3, 2018 JavaScript, Javascript Development, Modern Web Development, Node.js, NPM, OpenSource, Package Manager, Tech Newz, TypeScript, Web No comments


For a while I have been reading about the major changes that are introduced in Node.js 9.x.x / NPM 6.x.x, and I myself faced my Node.js application going for a toss after I upgraded to Node.js 9.x.x, as I always keep Node.js up to date in my development environment.

I use NVM (Node Virtual Manager) to switch between different versions of Node.js and I love the flexibility NVM provides. So I was able to quickly switch back to the 8.x.x version when I figured out this change.

But the npm package downgrade did not work using “npm install -g npm@5.x.x” due to old traces of 6.x.x. I had to clean up my npm cache and do npm install again.

Introduction – The “npm audit” command:

Recently, with 6.0.0, the npm team has introduced many improvements, such as:

a.) Protection against insecure code, built into the workflow during your npm install. When a user downloads code from the npm Registry, npm will review the request against the Node Security Platform database and return a warning if the code contains a vulnerability.

b.) Package signing for publishers. The npm-signature field will allow users of npm packages to verify the integrity of the package regardless of the tools they use to retrieve it or the registry from which they download it.

c.) Security auditing capability (which I am covering in this article).

The audit capability lets you perform a security audit on your project and its dependency components. Put simply, it provides a moment-in-time security review of your project’s dependency tree.

  • It will scan your project for any vulnerabilities.
  • You can choose the option to automatically install compatible updates to vulnerable dependencies.
  • Audit reports contain information about security vulnerabilities in your dependencies.
  • The report also contains the steps to take to fix these vulnerabilities, for example by running npm install <package>@new-version.
  • It works very well with private/enterprise registries such as Artifactory.
  • It allows the developer to recursively analyze trees of dependent code to identify specifically what’s insecure.

The audit command submits a description of the dependencies configured in your project to your default registry and asks for a report of known vulnerabilities.

Quick Insight on the new commands:

  • npm audit – scan your project for vulnerabilities and just show the details, without fixing anything.
  • npm audit --json – provide the report in JSON format.
  • npm audit fix – scan and fix all vulnerabilities.
  • npm audit fix --only=prod – skip updating devDependencies.
  • npm audit fix --force – install semver-major updates to all top-level dependencies.
  • npm audit fix --dry-run --json – do a dry run of the fixes and provide you with a report.

NB: npm audit fix runs a full npm install under the hood, so all configs that apply to npm install will also apply to “npm audit fix”.
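The commands above can be combined into a build gate. The following is an added example (not code from the original post or from npm) that evaluates an npm audit --json report by severity, can ignore dev-only findings in the spirit of --only=prod, and lists the fixes that would need --force. It assumes the npm 6.x report shape (advisories, actions, metadata); evaluateAudit is a hypothetical helper, and the sample report, package names and advisory ids are constructed.

```javascript
// Added example, not npm's own code. Assumes the npm 6.x `npm audit --json`
// report shape (advisories / actions / metadata).
const SEVERITY_RANK = { info: 0, low: 1, moderate: 2, high: 3, critical: 4 };

// Constructed sample report: package names and advisory ids are made up.
const SAMPLE_REPORT = {
  actions: [
    { action: 'install', module: 'example-parser', target: '2.0.0', isMajor: true,
      resolves: [{ id: 1001, path: 'example-parser', dev: false }] },
    { action: 'update', module: 'example-util', target: '1.4.2', depth: 2,
      resolves: [{ id: 1002, path: 'example-test-runner>example-util', dev: true }] },
  ],
  advisories: {
    1001: { id: 1001, module_name: 'example-parser', severity: 'high',
            title: 'Constructed advisory A', patched_versions: '>=2.0.0',
            findings: [{ version: '1.3.0', paths: ['example-parser'], dev: false }] },
    1002: { id: 1002, module_name: 'example-util', severity: 'moderate',
            title: 'Constructed advisory B', patched_versions: '>=1.4.2',
            findings: [{ version: '1.4.0', paths: ['example-test-runner>example-util'], dev: true }] },
  },
  metadata: { vulnerabilities: { info: 0, low: 0, moderate: 1, high: 1, critical: 0 } },
};

// Returns advisories at or above `minSeverity`. With `prodOnly`, advisories
// whose findings are all reached through devDependencies are ignored.
function evaluateAudit(report, { minSeverity = 'moderate', prodOnly = false } = {}) {
  const threshold = SEVERITY_RANK[minSeverity];
  if (threshold === undefined) throw new Error(`unknown severity: ${minSeverity}`);
  const blocking = Object.values(report.advisories || {})
    // An unrecognised severity label is treated as critical (fail closed).
    .filter((adv) => (SEVERITY_RANK[adv.severity] ?? SEVERITY_RANK.critical) >= threshold)
    .filter((adv) => !prodOnly || (adv.findings || []).some((f) => !f.dev))
    .map((adv) => ({ id: adv.id, module: adv.module_name, severity: adv.severity,
                     patched: adv.patched_versions }));
  // Semver-major fixes are the ones that need `npm audit fix --force`.
  const blockingIds = new Set(blocking.map((b) => b.id));
  const needsForce = (report.actions || [])
    .filter((a) => a.isMajor && (a.resolves || []).some((r) => blockingIds.has(r.id)))
    .map((a) => `${a.module}@${a.target}`);
  return { pass: blocking.length === 0, blocking, needsForce };
}

// A CI job would parse the real report from stdin and exit non-zero when pass is false.
const sampleResult = evaluateAudit(SAMPLE_REPORT, { minSeverity: 'high', prodOnly: true });
console.log(JSON.stringify(sampleResult, null, 2));
```

In a pipeline, replace SAMPLE_REPORT with the parsed output of npm audit --json and fail the job when pass is false.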


General Availability of Azure Database Services for MYSQL and PostgreSQL

March 23, 2018 Azure, Cloud Computing, Cloud Services, Data Services, Emerging Technologies, Microsoft, Tech Newz, VisualStudio, VS2017 No comments

It has been a while since I have written something on my blog. I thought of getting started again with the good news that the Microsoft Azure team has announced the general availability of Azure Database Services for MySQL and PostgreSQL. In my earlier posts, I have provided some oversight into the Preview Availability of these services as part of the Azure cloud. Now that it is generally available, customers should be able to utilize these services for their general purpose or enterprise level database requirements in Azure Cloud.

You may read more about it on the Microsoft announcement blog, “Announcing general availability of Azure database services for MySQL and PostgreSQL” by Tobias Ternstrom, Principal Group Program Manager, Azure Data.

Upcoming Webinars and Trainings on Microsoft Technologies(Windows 8, Windows Phone 8, Windows Azure, HTML5) – Feb 2013

February 12, 2013 .NET, All, ASP.NET, ASP.NET MVC, Azure, Channel9, Community, JavaScript, JumpStarts, KnowledgeBase, Microsoft, Microsoft SDKs, Mobile-Development, MSDN, MVA, Recommends, Tech Newz, Training-Kits, Web API, Webinars, Windows, Windows 8 apps development, Windows Azure, Windows Azure Development, Windows Phone, Windows Phone 7.1 SDK, Windows Phone 7.8, Windows Phone 8, Windows Phone 8.0 SDK, Windows Phone Development, Windows Phone SDK, Windows Phone Store, Windows Store Development, Windowz Azure No comments

Jump Start – February 19: Building Web Apps with ASP.NET (February 19)
An accelerated introduction to building modern web applications with ASP.NET 4.5 and ASP.NET MVC 4 team-taught by Scott Hanselman and Jon Galloway.

Windows Azure Hands-on Labs Online Training (February 20)
Learn how to connect a PaaS application to an IaaS application. Matt Hester will be available to help you work through configuring a simple web app, publish to Windows Azure, and run it in the cloud. Download the free Azure 90-day trial for the hands-on portion of this training.

Jump Start – February 21: Building Apps for Windows 8 and Windows Phone 8
Compare and contrast Windows 8 and Windows Phone 8 with an eye to understanding how to maximize the code you reuse when building for both platforms. Dive into guidance, best practices, patterns, and techniques that will help you deliver apps with maximum code reuse.

Jump Start – February 28: Advanced Windows 8 App Development Using JavaScript
Join Jeremy Foster and Michael Palermo for a free Jump Start on optimizing and supporting Windows Store apps. It’s a fast-paced course for experienced developers that can help you prepare for Microsoft Certification Exam 70-482: Advanced Windows Store App Development Using HTML5 and JavaScript.

 

Watch the previous jump start series:

Building Your Windows 8 Apps with XAML and Blend
Jerry Nixon welcomes Navit Saxena and Hari Menon from the Microsoft Blend team to discuss the latest features and improvements made in Blend as it pertains to XAML developers and its integration with Visual Studio 2012. Tune in to hear how Blend can make life much easier for Windows 8 app developers. Get 30 days of free help to build your own app – sign up today at Generation App.

Create Windows Store Apps with HTML5 and JavaScript
This quick, step-by-step article includes code samples for how to create Windows Store apps with HTML5 and JavaScript.

Training Guide: Programming in HTML5 with JavaScript and CSS3
Are you getting ready to take Microsoft Certification Exam 70-480: Programming in HTML5 with JavaScript and CSS3? Buy the ebook version of the new Training Guide and start getting chapters early.

 

[Courtesy: Channel9, MSDN Flash, Microsoft Virtual Academy(MVA) , Microsoft]

Microsoft Community Techdays 2012 – Hyderabad – on November 28th 2012

October 16, 2012 .NET, All, Announcements, Community, Dev Community, Events, Microsoft, PodCasts, Recommends, Tech Days, Tech Newz 2 comments

Microsoft has announced the Community Tech-days 2012, which is going to happen in all the cities in India. This is the first time Microsoft has announced such a big opportunity for the developer community all over India to experience the ultimate developer event “Microsoft Community Techdays”.

You can find the details about all available locations : http://www.microsoft.com/india/events/techdays/locations.aspx
Here is the agenda for Hyderabad on 28th November 2012

Time Details
08:30 am – 10:30 am Registration
10:00 am – 10:30 am Opening Keynote
10:30 am – 11:15 am Platform for Windows Store Style Apps
11:15 am – 11:30 am Tea Break
11:30 am – 12:15 pm Designing a Windows Store App
12:15 pm – 01:00 pm Windows RT for the .NET Developer
01:00 pm – 01:30 pm IE10 – Moving the web forward
01:30 pm – 02:30 pm Lunch
02:30 pm – 08:00 pm Coding Session

NB: Agenda may change based on the availability of speakers.

For event updates and registration visit – http://www.microsoft.com/india/events/techdays/

Read more in the related article at ComputerWorld India news

Bring Start Menu back to your Windows 8 PC with Start8

September 2, 2012 .NET, All, Microsoft, Softwarez, Tech Newz, Tips & Tricks, Windows, Windows 8 1 comment

Stardock Corporation (makers of ObjectDock and WindowBlinds) has released a free tool – Start8 – that will bring the Start Menu back to your Windows 8 PC.

This tool will give your Windows 8 OS a native-looking Start Menu, with a more familiar programs listing. It would be useful to all Windows enthusiasts who are really missing the Start Menu on their Windows 8 PC.

You can register and download the free version of START8 from here.

Here are some screenshots of how it looks.

image  image