June 3, 2018
It has been a while I have been reading about the major changes that areintroduced in Node.js 9.x.x / NPM 6.x.x and myself faced by Node.js application going to a toss after I upgraded to Node.js 9.x.x, as I always keep Node.js up to date in my development environment.
I use NVM(Node Virtual Manager) to switch between different version of Node.js and I love the flexiblity NVM provides. So I was able to quickly switch back to 8.x.x version, when I figured out this change.
But npm packgage downgrade did not work using “npm install –g firstname.lastname@example.org” due to old traces of 6.x.x I had to clean up my npm cache and do npm install again.
Introduction – The “npm audit” command:
Recently with 6.0.0 NPM team has introduced many improvements such as :
a.) Provide protection against insecure code into the workflow during your npm install . When a user downloads code from the npm Registry, npm will review the request against the Node Security Platform database and return a warning if the code contains a vulnerability.
b.) Package signing for publishers. npm-signature field will allow users of npm packages to verify the integrity of the package regardless of the tools they use to retrieve it or the registry from which they download it.
c.) Security auditing capability (which I am covering in this article).
The audit capability, which provides an ability to perform a security audit on your project and dependency components. To simplify it provides a moment-in-time security review of your project’s dependency tree.
- It will scan your project for any vulnerabilities.
- You can choose the option to automatically install the compatible updates vulnerable dependencies.
- Audit reports contain information about security vulnerabilities in your dependencies.
- This report also contains necessary steps to be taken to fixe these vulnerability. For example, by running an npm install <package>@new-version.
- It would work very well with your private/enterprise registries such as artifactory etc.
- It will allow the developer to recursively analyze trees of dependent code to identify specifically what’s insecure.
The audit command submits a description of the dependencies configured in your project to your default registry and asks for a report of known vulnerabilities.
Quick Insight on the new commands:
- npm audit – Scan your project for vulnerabilities and just show the details, without fixing anything.
- npm audit [—json] – To provide report in Json format.
- npm audit fix – to scan and fix all vulnerabilities
- npm audit fix –only=prod – to skip updating devDependecies
- npm audit fix –force – will install semver-major updates to all top level dependencies.
- npm audit fix –dry-run –json – to do a dry run on the fixes and provide you a report.
NB: Npm audit fix runs a full npm install under the hood, all configs that apply to the “npm audit fix” will also apply to npm install.
It has been a while I have written something on my blog. I thought of getting started again with a good news that Microsoft Azure team has announced the general availability of Azure Database Services for MySQL and PostgreSQL. In my earlier posts, I have provided some oversight into Preview Availability of these services as part of the Azure cloud. Now that it is generally available, customers should be able to utilize these services for their general purpose or enterprise level database requirements in Azure Cloud.
You may read about it more on Microsoft announcement blog Announcing general availability of Azure database services for MySQL and PostgreSQL by Tobias Ternstrom Principal Group Program Manager, Azure Data
February 12, 2013
Jump Start – February 19: Building Web Apps with ASP.NET (February 19)
An accelerated introduction to building modern web applications with ASP.NET 4.5 and ASP.NET MVC 4 team-taught by Scott Hanselman and Jon Galloway.
Windows Azure Hands-on Labs Online Training (February 20)
Learn how to connect a Paas application to an Iaas application. Matt Hester will be available to help you work through configuring a simple web app, publish to Windows Azure, and run it in the cloud. Download the free Azure 90-day trial for the hands-on portion of this training.
Jump Start – February 21: Building Apps for Windows 8 and Windows Phone 8
Compare and contrast Windows 8 and Windows Phone 8 with an eye to understanding how to maximize the code you reuse when building for both platforms. Dive into guidance, best practices, patterns, and techniques that will help you deliver apps with maximum code reuse.
Watch the previous jump start series:
Building Your Windows 8 Apps with XAML and Blend
Jerry Nixon welcomes Navit Saxena and Hari Menon from the Microsoft Blend team to discuss the latest features and improvements made in Blend as it pertains to XAML developers and its integration with Visual Studio 2012. Tune in to hear how Blend can make life much easier for Windows 8 app developers. Get 30 days of free help to build your own app – sign up today at Generation App.
[Courtesy: Channel9, MSDN Flash, Microsoft Virtual Academy(MVA) , Microsoft]
October 16, 2012
.NET, All, Announcements, Community, Dev Community, Events, Microsoft, PodCasts, Recommends, Tech Days, Tech Newz
Microsoft has announcement the Community Tech-days 2012 which is going to happen in all the cities in India. This is the first time Microsoft has announced such a big opportunity for developer community all over india to experience the ultimate developer event “Microsoft Community Techdays“.
You can find the details about all available locations : http://www.microsoft.com/india/events/techdays/locations.aspx
Here is the agenda for Hyderabad on 28th November 2012
|08:30 am – 10:30 am
|10:00 am – 10:30 am
|10:30 am – 11:15 am
||Platform for Windows Store Style Apps
|11:15 am – 11:30 am
|11:30 am – 12:15 pm
||Designing a Windows Store App
|12:15 pm – 01:00 pm
||Windows RT for the .NET Developer
|01:00 pm – 01:30 pm
||IE10 – Moving the web forward
|01:30 pm – 02:30 pm
|02:30 pm – 08:00 pm
NB: Agenda may change based on the availability of speakers.
For event updates and registration visit – http://www.microsoft.com/india/events/techdays/
Read more on relating article at ComputerWorld India news
Stardock Corporation(makers of ObjectDock and WindowBlinds) has released a free tool – Start8 – that will bring Start Menu back to your Windows 8 PC.
This tool will give you a native looking Start Menu to your Windows 8 OS, with more familiar programs listing. It would be useful to all Windows enthusiasts who are really missing Start Menu in your Windows 8 PC.
You can register and download free version of START8 from here.
Here is some screen shots on how it looks.