Npm, Inc. has announced it is acquiring ^Lift Security and its Node Security Platform. ^Lift Security is an application security and penetration testing solution provider. The acquisition is meant to add to npm’s initiatives of improving the security of open-source software, as well as creating products that enable companies to securely develop JavaScript.
According to the company, since npm started, it has been using ^Lift Security as a tool for assessing the security of the npm Registry, analyzing software published to that registry, and identifying vulnerabilities in open-source code.
^Lift Security also maintains the Node Security Platform, providing data about JavaScript vulnerabilities to developers and security vendors.
A recent survey from the Node.js Foundation and JS Foundation found 77 percent of developers are concerned about the security of open-source code. In addition, more than 9.7 million JavaScript developers and 4.2 billion end-users rely on JavaScript apps, according to npm.
“npm is where the Node Security Platform belongs,” said Adam Baldwin, founder of ^Lift Security, who will be joining npm, Inc. as its head of security. “All NSP users are npm users, and the security of open source code is core to npm’s mission. By combining our resources, we can deliver a continuous approach to security at scale, empowering millions of developers to build more secure code—and be prepared to defend against and respond to threats as they encounter them.”
The company also announced it will be releasing new security features later this month for users of the npm Registry. It will also release security products that are tailored to the unique requirements of corporate software developers and enterprises.
“^Lift’s expertise and the wealth of knowledge embodied in the Node Security Platform are unparalleled and impossible to imitate,” said Isaac Z. Schlueter, founder and chief executive of npm, Inc. “As one team, we’ll continue keeping the npm Registry safe, and develop new ways to help individuals and companies understand and trust the JavaScript code they write and share. Uniting NSP and npm is the single best way to make JavaScript safer for consumers, publishers and enterprises.”