{"_id":"583ee79510448a2500dd98a8","user":"56c1ae5a4085c50d00c67155","parentDoc":null,"__v":0,"project":"56a1f77442dfda0d00046285","version":{"_id":"56a1f77542dfda0d00046288","__v":9,"project":"56a1f77442dfda0d00046285","createdAt":"2016-01-22T09:33:41.397Z","releaseDate":"2016-01-22T09:33:41.397Z","categories":["56a1f77542dfda0d00046289","56a1fdf442dfda0d00046294","56a2079f0067c00d00a2f955","56a20bdf8b2e6f0d0018ea84","56a3e78a94ec0a0d00b39fed","56af19929d32e30d0006d2ce","5721f4e9dcfa860e005bef98","574e870be892bf0e004fde0d","5832fdcdb32d820f0072e12f"],"is_deprecated":false,"is_hidden":false,"is_beta":false,"is_stable":true,"codename":"","version_clean":"1.0.0","version":"1.0"},"category":{"_id":"56a20bdf8b2e6f0d0018ea84","pages":["56a20e302255370d00ad5ecb"],"project":"56a1f77442dfda0d00046285","__v":1,"version":"56a1f77542dfda0d00046288","sync":{"url":"","isSync":false},"reference":false,"createdAt":"2016-01-22T11:00:47.207Z","from_sync":false,"order":3,"slug":"features","title":"Features"},"updates":[],"next":{"pages":[],"description":""},"createdAt":"2016-11-30T14:52:05.508Z","link_external":false,"link_url":"","githubsync":"","sync_unique":"","hidden":false,"api":{"results":{"codes":[]},"settings":"","auth":"required","params":[],"url":""},"isReference":false,"order":8,"body":"## Why is it helpful?\n\nThis page displays the known vulnerabilities that your services have. By clicking the **Learn how to fix** button you can get help to make your infrastructure more secure.\n[block:image]\n{\n  \"images\": [\n    {\n      \"image\": [\n        \"https://files.readme.io/d6f5e82-Screenshot_2016-11-22_16.28.21.png\",\n        \"Screenshot 2016-11-22 16.28.21.png\",\n        1116,\n        822,\n        \"#f1f2f3\"\n      ],\n      \"caption\": \"List of known package vulnerabilities\"\n    }\n  ]\n}\n[/block]\n## How does it work?\n\nWe have partnered with [snyk.io](https://snyk.io/) to find vulnerable dependencies in your services. We are collecting your dependencies of the running application using the [`npm ls --json --production`](https://docs.npmjs.com/cli/ls) command. We are also checking for applied snyk patches that were set up with the [snyk wizard](https://snyk.io/docs/using-snyk/#wizard).\n\nThe issues are automatically closed when you have fixed them by either updating a package to a non-vulnerable version, applying a Snyk patch, or removing the package completely.\n\n## Data compliance\n\nTrace by RisingStack doesn't share any data with Snyk based on which you can be identified. We do all the calculations using Snyk's vulnerability database in our own secure infrastructure.","excerpt":"Find the npm packages with known vulnerabilities in your Node.js application.","slug":"security","type":"basic","title":"Security"}

Security

Find the npm packages with known vulnerabilities in your Node.js application.

## Why is it helpful? This page displays the known vulnerabilities that your services have. By clicking the **Learn how to fix** button you can get help to make your infrastructure more secure. [block:image] { "images": [ { "image": [ "https://files.readme.io/d6f5e82-Screenshot_2016-11-22_16.28.21.png", "Screenshot 2016-11-22 16.28.21.png", 1116, 822, "#f1f2f3" ], "caption": "List of known package vulnerabilities" } ] } [/block] ## How does it work? We have partnered with [snyk.io](https://snyk.io/) to find vulnerable dependencies in your services. We are collecting your dependencies of the running application using the [`npm ls --json --production`](https://docs.npmjs.com/cli/ls) command. We are also checking for applied snyk patches that were set up with the [snyk wizard](https://snyk.io/docs/using-snyk/#wizard). The issues are automatically closed when you have fixed them by either updating a package to a non-vulnerable version, applying a Snyk patch, or removing the package completely. ## Data compliance Trace by RisingStack doesn't share any data with Snyk based on which you can be identified. We do all the calculations using Snyk's vulnerability database in our own secure infrastructure.