npm, Inc. Improves JavaScript Security for Enterprise Developers

New tool makes enterprise-grade JavaScript more secure and streamlines developer experience

Major upgrade from npm, Inc. adds package filtering, single sign-on enhancements, and a new vulnerability reporting beta

OAKLAND, Calif. -- npm, Inc., the JavaScript developer tools provider and operator of the world’s largest software registry, today announced a significant upgrade to npm Enterprise, its flagship product for large organizations and mission-critical software projects. This upgrade delivers new security, workflow, and other features, making enterprise-grade JavaScript development safer and more reliable.

JavaScript is one of the most prevalent technologies in use today, and companies as diverse as J.P. Morgan, Slack, Procter & Gamble, and Uber employ JavaScript prominently within their technology stacks. npm Enterprise is the cloud-based toolset designed for the professional JavaScript development teams building these stacks, all of whom need higher levels of security, compliance, and collaboration.

In addition, npm Enterprise provides enterprise teams their own dedicated namespaces, allows for private packages in addition to its seamless integration with the public registry, and promotes secure code sharing between developers across the enterprise. Developers can publish private packages to their own company registry, or make them open source for anyone to access.

With this new release, npm Enterprise now includes:

  • Package filtering: Gatekeeper technology that allows an administrator to ensure that all JavaScript code across the enterprise complies with company standards before it enters the downstream build and test pipeline.
  • Single sign-on enhancements: Newly broadened SSO protocol support to work with standards used by the majority of enterprises, including OpenID Connect and SAML.
  • User management improvements: Streamlined processes to scale user on-boarding across multiple teams and thousands of users.

These features are live and available today for all npm Enterprise customers.

In addition, npm, Inc. announced its new Enterprise Vulnerability Reporting (EVR) system. This new system combines the expertise, continuous research, and constant vigilance of the npm, Inc. security team with new analytics and reporting functionality, and can generate regular, organization-specific reports on known and emerging threats to a given enterprise’s code base. From its unique vantage point as operator of the registry, npm, Inc. can provide powerful insights to engineering managers, administrators, and corporate security teams, enabling them to make their JavaScript development more reliable and secure.

The new EVR system is in a limited beta and currently available to only a few select enterprise customers, but interested parties can sign up for additional information and request to join the beta program at:

“JavaScript is the most prevalent platform used in development today, and most enterprises depend on it heavily,” said Bryan Bogensberger, CEO of npm, Inc. “But most of the tools those development teams use are woefully inadequate in terms of security, compliance, and quality of developer experience. Our flagship npm Enterprise product closes that gap, and gives them the professional-grade tools they deserve.”

“The benefits of using open source code are immense, if you can manage the risks well, and in a way that doesn’t slow your developers,” said Tim Steele, Manager of Interface Architecture at clothing retailer Express. “Our developers were already big npm fans, so npm Enterprise was a no brainer. It helps us improve the security of our code without altering the developer’s workflow.”

Learn more about npm Enterprise at To learn more about or contribute to open-source npm projects visit

About npm, Inc.

npm, Inc. manages the world's largest collection of reusable code and empowers over 11,000,000 JavaScript developers with industry-leading tools and services. With solutions that support the secure use of packages across teams and enterprises, npm reduces friction and increases efficiency across the software development lifecycle. From individuals to large organizations, npm helps developers maximize the power of open source software. Founded in 2014, npm, Inc. is funded by True Ventures, Bessemer Venture Partners, and Sutter Hill Ventures, and is based in Oakland, CA. To learn more, visit:


Skye Callan
npm, Inc.
(510) 858-7608

Release Summary

npm, Inc. announces a significant upgrade to npm Enterprise, its flagship product for large organizations and mission-critical software projects.

