Introducing the New Package/Library Catalog for Node.js, PHP, Python, Ruby, & Java

Released on: January 2025

Atatus has added Catalogs for packages and libraries in Node.js, PHP, Python, Ruby, and Java. For each package in your stack, this feature provides detailed insights into:

Catalog Insights for Node.js, PHP, Python, Ruby & Java

  1. License: Identifies the type of license associated with the package, ensuring compliance with licensing requirements.
  2. Vulnerabilities: Highlights known security vulnerabilities in the package to help mitigate risks.
  3. Current Version: Displays the currently installed version of the package, making it easy to determine if updates are needed.
  4. OpenSSF Score: Indicates the security and health rating of the package, based on the standards set by OpenSSF.

The OpenSSF Score (Open Source Security Foundation Score) is a metric used to evaluate the security posture of open-source projects. It assesses various aspects of a project to ensure it adheres to best practices for open-source security and reliability.

The score typically considers:

  • Code Quality: Whether the project follows secure coding practices.
  • Dependency Management: How well the project handles its dependencies, including addressing vulnerabilities.
  • Community Engagement: The project's responsiveness to security issues and its maintenance activity.
  • Best Practices: Adoption of practices such as cryptographic signing of commits, secure CI/CD pipelines, and multi-factor authentication.

With this score surfaced in Atatus, you can quickly gauge the trustworthiness and security maturity of the packages used in your projects and make better-informed decisions about whether to include them in your stack.

Monitor your software stack for free with Atatus.
