Market Overview

npm, Inc. Acquires ^Lift Security and Node Security Platform

Share:

Investment expands npm, Inc. capabilities to secure the integrity and
stability of open source software

npm,
Inc.
, which runs the world's largest software registry and maintains
the npm software package management application, today announced the
acquisition of ^Lift Security and its Node Security Platform. The
acquisition advances npm's initiatives to improve the security of open
source software, and to develop products that help companies develop
JavaScript securely.

Since its founding, npm, Inc. has relied upon ^Lift Security to assess
the security of the npm Registry, analyze the software developers
publish to the registry, and identify and catalog security
vulnerabilities in open source code. The ^Lift team also has curated and
maintained the public Node Security Platform database, which furnishes
valuable data about JavaScript vulnerabilities to other developers and
security vendors at no cost. ^Lift customers include Netflix, Mozilla,
Morningstar, Intuit and Redfin.

Today, there are more
than 9.7 million JavaScript developers
and 4.2
billion end-users
who rely on JavaScript applications. A
recent survey conducted by npm in collaboration with the Node.js
Foundation and JS Foundation
reveals that 77 percent of developers
are concerned about the security of open source code—although a larger
number believe it is more secure than the code they develop themselves.

"npm is where the Node Security Platform belongs," said Adam Baldwin,
founder of ^Lift Security, who joins npm, Inc. as its Head of Security.
"All NSP users are npm users, and the security of open source code is
core to npm's mission. By combining our resources, we can deliver a
continuous approach to security at scale, empowering millions of
developers to build more secure code—and be prepared to defend against
and respond to threats as they encounter them."

"^Lift's expertise and the wealth of knowledge embodied in the Node
Security Platform are unparalleled and impossible to imitate," said
Isaac Z. Schlueter, founder and chief executive of npm, Inc. "As one
team, we'll continue keeping the npm Registry safe, and develop new ways
to help individuals and companies understand and trust the JavaScript
code they write and share. Uniting NSP and npm is the single best way to
make JavaScript safer for consumers, publishers and enterprises."

The ^Lift acquisition is the first in a series of strategic security
initiatives npm plans to announce in the coming weeks.

Later this month, npm will introduce a series of new security features
available to every user of the npm Registry, directly integrated into npmjs.com
and the npm command-line software tool. The company also will introduce
a suite of security products tailored to the unique requirements of
corporate software developers and enterprises in areas that include
auditing, insights and analysis, security policy and software licensing.

"Security is the responsibility of every part of an organization, so it
needs to be intermixed with engineering, operations and application
deployment," Schlueter said. "npm is, and will remain, at the center of
these workflows. As companies increasingly rely on open source software
and integrating this with proprietary code, we are uniquely positioned
to help."

To learn more, visit: http://go.npm.me/npm-acquires-lift.

About npm, Inc.

npm, Inc., founded in Oakland, California, in 2014 by Isaac Z. Schlueter
and Laurie Voss, maintains the npm package manager for JavaScript and
hosts the world's largest software registry. Created in 2009 as an
open-source package manager for Node.js, npm has been embraced by
millions of developers worldwide for client- and server-side
applications as diverse as IoT, mobile development, financial services
and aerospace. More than 150,000 companies, including BBC, DocuSign,
eBay, Electronic Arts, Juniper Networks, Nvidia, Slack and Visa, rely on
npm's products and services to reduce developer friction and build
amazing things.

View Comments and Join the Discussion!