To protect against unknown, suspicious, and malicious components, Nexus Firewall will quarantine new versions of some components until they are deemed safe.
To make managing package versions easier, repositories using Firewall now return the latest package version that complies with your policy standards, unless there is a specified version in the package.json. Any quarantined versions will be removed from your repository. This saves developers and security teams time managing dependency versions.
Check out this guide that covers Nexus Firewall’s policy compliant component selection for npm.
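The effect described above on npm package metadata, as an added example that is not part of the original post and is not Sonatype's code: quarantined versions are dropped from the metadata document and `latest` is repointed when it referred to one of them. The function names, the caller-supplied quarantine list and the sample package are assumptions made for illustration.

```javascript
// Added illustration, not Sonatype's code. Field names (versions, dist-tags,
// time) follow the public npm registry metadata ("packument") format.

// Return [major, minor, patch] for a stable version, or null for a
// prerelease or unparsable string.
function stableParts(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)(?:\+.*)?$/.exec(v);
  return m ? [Number(m[1]), Number(m[2]), Number(m[3])] : null;
}

function compareParts(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] - b[i];
  }
  return 0;
}

// Copy the packument without quarantined versions. If "latest" pointed at a
// removed version, repoint it to the highest remaining stable version.
function filterPackument(packument, quarantined) {
  const blocked = new Set(quarantined);
  const out = { ...packument, versions: {}, time: {}, 'dist-tags': {} };
  for (const [v, meta] of Object.entries(packument.versions)) {
    if (!blocked.has(v)) out.versions[v] = meta;
  }
  for (const [k, t] of Object.entries(packument.time || {})) {
    if (!blocked.has(k)) out.time[k] = t;
  }
  // Drop any dist-tag that pointed at a removed version.
  const kept = new Set(Object.keys(out.versions));
  for (const [tag, v] of Object.entries(packument['dist-tags'] || {})) {
    if (kept.has(v)) out['dist-tags'][tag] = v;
  }
  if (out['dist-tags'].latest === undefined) {
    const stable = [...kept]
      .filter((v) => stableParts(v))
      .sort((a, b) => compareParts(stableParts(a), stableParts(b)));
    if (stable.length) out['dist-tags'].latest = stable[stable.length - 1];
  }
  return out;
}

// Constructed sample: 1.11.0 is the newest release and is quarantined.
const sample = {
  name: 'example-pkg',
  'dist-tags': { latest: '1.11.0', next: '2.0.0-beta.1' },
  versions: { '1.9.3': {}, '1.10.0': {}, '1.11.0': {}, '2.0.0-beta.1': {} },
  time: { created: 't0', '1.9.3': 't1', '1.10.0': 't2', '1.11.0': 't3' },
};
const filtered = filterPackument(sample, ['1.11.0']);
console.log(filtered['dist-tags'], Object.keys(filtered.versions));
```
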
@jeff.wise I spoke with our Firewall Product Manager and he let me know that it is a candidate for next year’s road map and something being considered. He would be interested to know more about why you need it (either in this thread or feel free to DM me and I can connect you with him!)
Thanks for sharing the update! The new guide on Nexus Firewall’s policy-compliant selection for npm sounds like a valuable resource for simplifying secure package management. Looking forward to exploring it further.