Comments (6)
@Y-LyN-10 good question/suggestion. 🤔
As much as it pains me that Node Security Platform has been "rolled into NPM"
(meaning there is no longer an NSP Badge) it's a reality we all have to live with.
I really like what @guypod is doing with Snyk.
They have assembled a great team of people to build the product;
@remy is easily one of the best JS devs in the world! He is a "Mida"! 😮 ⭐️
Snyk is a well-documented/maintained library https://github.com/snyk/snyk
As a side note, Guy's Podcast, "The Secure Developer" is a "must" for all devs!
Subscribe if you aren't already: https://www.heavybit.com/library/podcasts/the-secure-developer 🥇
from repo-badges.
Is Snyk an appropriate alternative?
from repo-badges.
https://twitter.com/snyksec/status/1067283633805959168
from repo-badges.
According to their newsletter and Twitter feed, NSP's service is now integrated into NPM and thus audits could be done by using `npm audit`
and vulnerabilities are shown for vulnerable packages being installed.
Not sure if that's what GitHub uses too for vulnerability checks.
As for the badge (which brought me here), I have no idea what will replace the defunct NSP badge.
from repo-badges.
- Visit: https://snyk.io
- Click the "Signup with GitHub" button/link:
- Click the button to "Authorise Snyk":
- Click to "Connect with GitHub":
- Again click "Connect with GitHub":
- By default Snyk requests access to both `public` and `private` repos. Select whatever is relevant to you and continue:
- I selected only `public` repositories as I always follow the "principle of least privilege":
- Confirm the access that Snyk is requesting:
- Connect Snyk to a GitHub Repository:
- Select the desired repository: (in this case `hapi-auth-jwt2` ...)
- Add selected repo:
- Wait for the repo to be imported by Snyk:
- Once the repo has finished importing, refresh the page to see your dashboard:
- From the Snyk dashboard, click on the project you want to view:
- Copy the Snyk "Badge" for inclusion in your project:
Badge Format:
[![Known Vulnerabilities](https://snyk.io/test/github/{username}/{repo}/badge.svg)](https://snyk.io/test/github/{username}/{repo})
[![Known Vulnerabilities](https://snyk.io/test/github/dwyl/hapi-auth-jwt2/badge.svg?targetFile=package.json)](https://snyk.io/test/github/dwyl/hapi-auth-jwt2?targetFile=package.json)
Going to PR this change now.
from repo-badges.
@getaaron do you have a suggestion?
It's unclear from the statement if NPM will include the service in their offering ... 🤔
from repo-badges.