mirror of https://github.com/verdaccio/verdaccio.git synced 2024-12-30 22:34:10 -05:00

docs: add statement about npm security best practices (#3324)

OWASP is explicitly mentioning Verdaccio in one of their recommendations for npm security best practices. 

It's high praise so should be mentioned in a central place. If not here, you might find another page to add it.
Marc Bernard 2022-08-24 11:59:08 -04:00 committed by GitHub
parent ba3d100b63
commit 08c36e688e
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23

@ -5,6 +5,9 @@ title: "What is Verdaccio?"
Verdaccio is a **lightweight private npm proxy registry** built in **Node.js**
Using a private npm registry like Verdaccio is one of the [Top 10 NPM Security Best Practices](https://cheatsheetseries.owasp.org/cheatsheets/NPM_Security_Cheat_Sheet.html#6-use-a-local-npm-proxy)
recommended by the Open Web Application Security Project ([OWASP](https://owasp.org/)).
<iframe width="560" height="515" src="https://www.youtube.com/embed/qRMucS3i3kQ" title="YouTube video player" frameborder="0" allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture" allowfullscreen></iframe>
## What's a registry? {#whats-a-registry}
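Review bot: the link text "Top 10 NPM Security Best Practices" targets the deep anchor `#6-use-a-local-npm-proxy`, so a title that promises the whole list lands the reader on item 6, and the link degrades silently if OWASP renumbers or renames that section. Consider linking the title to the cheat sheet itself and naming the specific recommendation in the sentence (for example, "the 'Use a local npm proxy' recommendation in the OWASP NPM Security Cheat Sheet"), which also makes clear to the reader which practice a private registry satisfies. The sentence is also split across two lines right after the link; keeping it on one line would match the single-line opening sentence above it.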