Protecting against NPM supply chain attacks
Is there any plan or strategy for WebStorm to protect against NPM supply chain attacks? We can run WebStorm in a local container, but then we get degraded performance, and lose nice things like Wayland support. Could we run just the JS/TS runtime in a container?
Yes, you can use the Node.js runtime installed in the Docker container. Please refer to Configuring remote Node.js runtimes | WebStorm Documentation.
Please note that WebStorm detects vulnerabilities in the NPM packages used in your projects by checking across the Mend.io Vulnerability Database and the National Vulnerability Database. It highlights packages that are considered vulnerable, provides descriptions for them, and suggests fixes where available. See Help documentation.
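The same separation can be had at the command line by keeping the IDE on the host and running only npm in a container. The following is an added example, not part of the original answer and not JetBrains code; the function name `npm_sandbox`, the `DRY_RUN` and `NPM_SANDBOX_IMAGE` variables, and the image tag are assumptions.

```shell
#!/bin/sh
# Run npm in a throwaway container that sees only the project directory.
# The host home directory (SSH keys, ~/.npmrc tokens, cloud credentials) is
# never mounted, so package code executed by npm cannot read it.
# Assumption: image tag below; override it with NPM_SANDBOX_IMAGE.
IMAGE="${NPM_SANDBOX_IMAGE:-node:22-bookworm-slim}"

# Usage: npm_sandbox /abs/path/to/project [npm arguments...]
npm_sandbox() {
    project_dir=${1:-}
    # Require an absolute path so the bind mount target is unambiguous.
    case "$project_dir" in
        /*) ;;
        *) echo "npm_sandbox: project dir must be an absolute path" >&2
           return 2 ;;
    esac
    shift
    # Default to a lockfile-exact install.
    [ "$#" -gt 0 ] || set -- ci
    # Installs never run package lifecycle scripts (preinstall/postinstall).
    case "$1" in
        ci|install|i) set -- "$@" --ignore-scripts ;;
    esac
    # Drop capabilities, block privilege escalation, run as the calling user,
    # and point HOME and the npm cache at the container's own /tmp.
    set -- run --rm \
        --cap-drop=ALL \
        --security-opt=no-new-privileges \
        --pids-limit=512 \
        --user "$(id -u):$(id -g)" \
        --volume "$project_dir:/work" \
        --workdir /work \
        --env HOME=/tmp \
        --env npm_config_cache=/tmp/.npm \
        "$IMAGE" npm "$@"
    if [ -n "${DRY_RUN:-}" ]; then
        # Print the command for review instead of running it.
        printf 'docker %s\n' "$*"
    else
        docker "$@"
    fi
}
```

The project directory stays writable and the container keeps network access to reach the registry, so this limits what installed code can read on the host and does not replace reviewing dependencies or the IDE's vulnerability highlighting.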