1. Package Managers

npm, bower, jspm, jam, volo

npm is best, because it offers everything, like linting, transpiling, etc.

1.1. Security Scanning

Anyone can create an npm package, so we need security scanning.

  • retire.js
  • node security platform (better)

1.1.1. Usage of node security platform

npm install -g nsp
cd your-project
nsp check   # result usually: (+) No known vulnerabilities found

When to Run Security Check

Manually          - Easy to forget
npm install       - May be an issue later
production build  - Expensive to change
pull request      - Expensive to change
npm start         - Slows start slightly
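
To make concrete what a dependency scanner checks, the following added example (not code from the original page or from nsp) matches exact installed versions against an advisory list and returns the exit code that lets any of the steps in the table above stop on a finding. The package names, advisory entries and the `<` / `<=` range subset are constructed assumptions.

```javascript
'use strict';
// Constructed advisory list: hypothetical package names and vulnerable ranges.
const ADVISORIES = [
  { module: 'example-template-lib', vulnerable: '<2.4.1', title: 'Constructed: template injection' },
  { module: 'example-http-util', vulnerable: '<=1.0.3', title: 'Constructed: header parsing flaw' },
];

// Parse "x.y.z" into numbers; reject anything else so that an
// unparseable version is never silently treated as safe.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)$/.exec(v);
  if (!m) throw new Error(`unsupported version: ${v}`);
  return m.slice(1).map(Number);
}

// Numeric comparison per component, so 1.10.0 > 1.9.9 (string compare gets this wrong).
function compareVersions(a, b) {
  const pa = parseVersion(a), pb = parseVersion(b);
  for (let i = 0; i < 3; i++) {
    if (pa[i] !== pb[i]) return pa[i] < pb[i] ? -1 : 1;
  }
  return 0;
}

// Supports only the "<x.y.z" and "<=x.y.z" range forms (an assumption of this example).
function isVulnerable(version, range) {
  const m = /^(<=?)(\d+\.\d+\.\d+)$/.exec(range);
  if (!m) throw new Error(`unsupported range: ${range}`);
  const c = compareVersions(version, m[2]);
  return m[1] === '<' ? c < 0 : c <= 0;
}

// installed: package name -> exact installed version, as a lockfile would record it.
function checkDependencies(installed, advisories = ADVISORIES) {
  return advisories
    .filter((a) => installed[a.module] !== undefined && isVulnerable(installed[a.module], a.vulnerable))
    .map((a) => ({ module: a.module, version: installed[a.module], title: a.title }));
}

// Non-zero on any finding; a caller passes this to process.exit() to fail the step.
function exitCodeFor(findings) {
  return findings.length > 0 ? 1 : 0;
}

// Constructed sample input.
const sampleInstalled = { 'example-template-lib': '2.3.9', 'example-http-util': '1.0.4' };
const findings = checkDependencies(sampleInstalled);
for (const f of findings) console.log(`(-) ${f.module}@${f.version}: ${f.title}`);
if (findings.length === 0) console.log('(+) No known vulnerabilities found');
```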
Copyright © Guanghui Wang, all rights reserved. Powered by Gitbook. File Modified: 2019-08-25 13:56:34