New Guide: Firewall's Policy Compliant Component Selection for npm

The Technical Content team is excited to announce the release of a brand new guide, "Firewall’s Policy Compliant Component Selection for npm."

To protect against unknown, suspicious, and malicious components, Nexus Firewall will quarantine new versions of some components until they are deemed safe.

To make managing package versions easier, repositories using Firewall now return the latest package version that complies with your policy standards, unless there is a specified version in the package.json. Any quarantined versions will be removed from your repository. This saves developers and security teams time managing dependency versions.

Check out this guide that covers Nexus Firewall’s policy compliant component selection for npm.

Let us know what you think below!

I’d love to see this feature in the Java ecosystem. Is this on the roadmap?


@jeff.wise I spoke with our Firewall Product Manager and he let me know that it is a candidate for next year’s road map and something being considered. He would be interested to know more about why you need it (either in this thread or feel free to DM me and I can connect you with him!)


Great feature to take care of all kinds of vulnerabilities associated with using :latest.
