►
From YouTube: Introducing npm Enterprise - Dave Bloom
Description
No description was provided for this meeting.
If this is YOUR meeting, an easy way to fix this is to add a description to your video, wherever mtngs.io found it (probably YouTube).
A
Hello,
everyone
and
welcome
to
today's
webinar
introducing
NPM
Enterprise.
My
name
is
Danielle
Wambach
and
I'll,
be
your
moderator,
I
work
on
the
marketing
team
here
at
NPM
and
I'm
excited
to
be
hosting
today's
session.
I'm
pleased
to
introduce
today's
speaker,
Dave
bloom
Davis,
a
solution
architect
here
at
NPM
before
I
hand
it
over
to
Dave
as
a
few
housekeeping
items
to
cover
about
the
presentation
in
the
BrightTALK
webinar
platform.
First,
today's
webinar
will
be
available
on
demand
after
live
sessions,
and
it
is
acceptable
to
the
same
length
you're
using
now.
A
We've
also
added
some
attachments
where
you'll
find
today's
slide,
so
as
well
as
the
NPM
blog
and
upcoming
webinars.
Next
I
love
to
hear
from
you
during
today's
presentation.
If
you
have
a
question
for
days,
please
feel
free
to
send
it
through
the
ask
the
question
tab
on
the
bottom
of
your
player,
we'll
be
answering
questions
at
the
end
of
the
session,
but
please
feel
free
to
submit
your
questions
at
any
time.
If
we
don't
take
you
a
question
during
today's
web
webinar,
we
will
be
sure
to
follow
up
with
you
afterwards
now
/
today,.
B
Thanks
Danielle
so
welcome
everyone
thanks
for
attending
today's
webinar
today,
we're
going
to
present
to
you
our
new
product,
NPM
enterprise
and
private
version
of
the
public
Emma
cam
registry,
based
on
the
public
codebase
as
the
same
functionality,
and
features
that
you
would
experience
on
the
public
registry,
but
includes
extra
security
of
administrative
features
that
are
necessary
for
large
enterprise
deployment.
So,
rather
than
take
you
through
a
presentation
around,
this
I
want
to
show
you
these
features
and
talk
to
you
and
take
you
through
a
demonstration
of
the
product
today.
B
So
what
I'm,
showing
you
right
now
is
something
you
guys
are
probably
pretty
familiar
with.
This
is
the
NPM
KS
public
web
site,
and
the
experience
is
pretty
probably
something
you
guys
have
seen
quite
a
bit.
Npm
enterprise
is
based
on
the
same
code
base
and
it
provides
that
same
experience
that
the
public
web
site
provides.
B
What
I'm
talking
about
is
all
of
the
features
that
we
have
in
that
public
registry
are
available
to
you
in
this
private
registry
and
the
way
we're
doing
that
is
making
it.
So
this
private
registry
can
be
your
one-stop
location
for
discoverability,
of
both
your
private
and
public
NPM
packages,
because
when
I
go
ahead
and
search
or
do
do
a
search
on
NPM
Enterprise,
it
provides
the
same
level
of
discoverability
as
the
public
site.
However,
it
prioritizes
your
private
packages
in
the
search.
B
B
Now
the
package
details
screen
and
the
experience
in
the
webpage
is
exactly
as
you
would
expect,
from
NPM
Enterprise.
If
I
click
on
a
private
package,
you
will
see
that
we
still
contain
all
of
the
additional
information
the
dependencies
that
the
package
works
with
any
other
packages
that
are
using
it
and
the
versioning
information.
All
of
this
is
available
for
your
private
packages,
as
well
as
the
public
packages
in
that
search.
So
you
have
both
that
it.
B
You
have
that
accessibility
again,
you
know
in
one
location,
aiding
that
kind
of
level
of
discoverability
that
you
have
as
far
as
the
user
experience
goes
beyond
that
the
web
page
is
exactly
as
our
public
site
is.
However,
you
do
have
the
ability
in
the
enterprise
site
to
add
an
unlimited
number
of
organizations
or
package
scopes.
So
in
your
organization,
you
can
have
as
many
as
you
want
from
a
prote
user
profile
experience.
We
support
the
same
kind
of
experience
that
you
would
get
on
the
package
sites
and
I'll
show
you
later
in
the
demo.
B
Anyone
who's
familiar
with
MTM
knows
how
our
token
management
works,
but
it's
the
exact
same
for
NPM
enterprise.
So
this
isn't
a
different
experience
for
you,
you're
going
to
get
in
here,
you're
going
to
have
the
ability
to
create
a
token
both
through
the
webpage
and
through
the
content
and
through
the
CLI
client.
Just
like
you
always
have
you
can
generate
both
read
it
and
publish
or
read
only
tokens,
and
you
can
again
revoke
them
from
this
location
as
well.
You
can
see
all
your
tokens
and
revoke
them
from
the
webpage.
B
So
within
the
organization's,
it
is
something
that
again,
you
should,
if
you've
ever
used
NPM
in
with
scoped
packages.
You
might
have
seen
this
before,
but
within
NPM
Enterprise.
You
have
the
ability
to
manage
access
to
your
package
amongst
both
your
private
organizations
and
public
publishing.
So
in
this
particular
case,
these
are
all
organizations
in
our
private
scope
and
within
the
marketing
organization.
I
have
a
couple
of
packages
that
I'm
making
available
to
other
teams,
and
you
can
see
that
because
they're
not
locked
when
I
do
them
in
this
organization.
B
However,
private
widget
is
still
something
that
we're
working
on
in
marketing,
and
this
is
only
visible
to
members
of
the
marketing
team.
So
this
gives
you
a
way
to
collaborate
across
an
enterprise
organization
where
different
teams
can
have
different
organizations
and
make
packages
available
for
discoverability,
based
on
when
they're
ready
to
release
with
the
larger
organization.
B
The
management
of
the
organization
is,
as
you
would
expect,
from
NPM.
We
have
the
members
of
the
organization.
I
happen
to
be
an
owner
of
this
organization,
so
I
have
control
over
the
permissions
of
my
members
and
then
within
an
organization.
I
have
role
based
access,
so
we
have
our
default
developer.
Team
and
I
can
create
multiple
teams
with
different
roles
and
levels
of
access
to
this
package.
B
So
this
looks
exactly
like
NPM
the
public,
the
public
NPM
site,
but
one
of
the
key
differences
here
is
NPM.
Enterprise
is
actually
a
single
tenant
environment,
running
on
its
own
boot
running
on
your
own
google
kubernetes
cluster
for
each
deployment.
So
each
customer
who
would
launch
with
NPM
Enterprise,
gives
a
private
single
tenant,
NPM
repository
that
allows
them
to
search
both
their
private
packages
and
the
public
repository
all
their
data.
All
their
information
is
in
this
single
tenant
instance,
and
it
doesn't
join
with
any
other
tenants.
The
data
is
encrypted
at
rest.
B
All
you
packages
are
encrypted
at
rest,
so
it
provides
that
extra
level
of
security
that
you
really
need
in
a
more
enterprise
environment,
the
other
nice,
the
other
nice
piece
about
NPM
Enterprise
is
it
doesn't
change
how
you
use
the
NPM
CLI
either.
So
all
of
the
features
and
functionalities
of
the
NPM
COI
that
exists
with
the
MTM
public
site
still
exist
with
NPM
Enterprise,
so
features
like
audience
still
work
in
the
Enterprise
version.
B
So
if
I
am
going
ahead
and
working
on
NPM,
it
is
pretty
much
the
exact
same
experience.
The
big
difference
is
I.
Have
to
change
the
registry
I'm
pointing
out
you
guys
have
probably
seen
this
before,
but
if
I
change
my
registry
at
the
point
at
this
registry
and
as
you
can
see,
I
have
a
unique
URL
for
this
as
well
so
NPM
enterprise
customers
getting
a
custom
URL
for
their
instance
and
they'll
point
their
npm
CLI
client
at
that
custom.
Url.
A
B
B
Now
that
I've
logged
in
it's
actually
updated
my
NPM
or
C
file.
It
has
the
token
I
need
for
communication
with
this
registry
and
the
registry
that
I'm
going
to
be
communicating
with
so
I
can
start
to
work
with
this
instance
of
NPM
Enterprise,
so
I'm
going
to
show
you
what
I
mean
by
some
of
the
functions
that
wouldn't
necessarily
be
available
with
other
prior
that
we
pose
still
continue
to
work
with
MTM
enterprise
like
MDM
on
it.
B
So
if
I
do
an
NPM
install
of
this
particular
package,
it's
going
to
run
and
it's
going
to
rip
this
down
and
it's
going
to
come
up
and
it's
going
to
actually
tell
me
that
it
found
a
low
severity
vulnerability.
This
is
functionality,
security
functionality
from
our
audit,
and
what
we're
trying
to
do
here
is
we're
trying
to
move
this
information
further
up
the
development
chain.
So
developers
have
an
eye
into
this
and
can
fix
these
issues
before
it
even
makes
it
into
a
CI
build
process,
or
anything
like
that.
B
So
it
helps
things
progress
more
smoothly,
so
I
have
a
low
severity
vulnerability.
What
is
it
if
I
run
NPM
audit
it'll
tell
me
so
I
run
that
functionality
and
it
comes
back,
and
it
tells
me
there's
an
issue
with
the
version
of
merge
I'm
using
how
do
I
know
that
well,
I
can
go
to
the
more
info
screen
here
and
it
has
the
public
advisory
that
we
publish
for
this
particular
issue.
There
was
a
prototype
solution
issue
with
versions
of
merge
before
one
to
one.
B
So
what
I
got
to
do
is
update
to
version
one
to
one.
It
actually
told
me
that,
right
here,
right
at
the
top
run,
NPM
install
merge
one
to
one
now.
I
can
do
that.
I
can
just
run
that
command
myself
or
I
can
run
NPM
on
it
fix,
and
if
there
were
multiple
vulnerabilities
found
here,
it
would
go
across
and
it
would
fix
it
would
run
all
of
the
default
or
the
resolution
commands
necessary
to
resolve
these
different.
B
So
now,
when
I
go
through
this,
it's
going
to
find
merge
one
to
one.
It's
going
to
update
that
it's
fix
the
vulnerability
it
scanned
all
the
mammalian
packages.
It
doesn't
find
any
more
vulnerabilities
and
I'm
good
to
go.
So
what
I'm
going
to
do
is
I'm
going
to
update
I'm
gonna
patch
my
version
of
this
package,
because
obviously
there
was
an
issue
with
it
before
yeah
I
got
a
type
I'm
going
to
learn.
B
Make
sure
I
spell
my
words
correctly
here
there
we
go
we're
up
to
the
next
increment,
we're
going
to
publish
it
back
to
my
registry.
Private
registry
here
go
ahead
and
do
that
and
then,
if
I
returned
back
after
this
publishes,
if
I
return
back
to
my
private
registry
and
I
search
around
for
the
packages
that
I
updated
here,
I
can
find
that
page.
You
can
see.
It's
been
published
version
one
to
one.
B
Now
we
have
some
additional
pieces
in
this
that
really
so
from
a
security
standpoint.
What
we're
doing
here
is
we're
providing
you
a
single
kind
of
instance
with
its
own
secure
data
store
and
we're
providing
you
all.
The
functionality
of
the
MDM
audit
features
in
this
private
registry
from
an
enterprise
administrative
end,
standpoint,
we're
also
making
it
a
little
bit
easier
for
you
to
manage
all
of
your
users.
So
we
have
in
the
NPM
Enterprise
version
an
administrative
panel
that
gives
you
a
view
into
all
of
the
users
into
your
systems.
B
So
you
can
see
who
the
users
are,
what
type
of
authentication
they're
using
when
they
were
created.
What
their
role
is.
So
you
can
clean
up
your
user
environment
and
manage
it
more
appropriately
from
an
administrative
standpoint,
but
in
addition
to
that,
we
also
provide
SSO
connectivity,
because
that's
really
what
the
enterprise
is
looking
for.
So
we
support
can
we
support
login
through
single
sign-on?
We
support
the
OID
C
protocol
right
now
for
single
sign-on
connectivity,
and
this
allows
a
large
enterprise
organization
to
really
be
able
to
take
advantage
of
multiple
users.
B
So
those
are
the
kind
of
key
areas
that
Enterprise
distinct,
that
distinguish
enterprise
from
the
public
registry,
you're,
getting
the
same
features
and
functionality,
the
same
level
of
discoverability,
the
enhanced
collaboration
that
that
public
registry
has
provided
to
the
public
for
your
particular
enterprise.
You
have
a
level
of
privacy
and
control
over
those
different
packages
within
your
enterprise
to
allow
your
developers
to
find
and
collaborate
as
well
as
exposed
code
when
it's
ready
to
be
exposed.
So
you
can
start
promoting
a
lot
more
code.
B
Reuse
in
your
organization,
much
like
the
public
registry
has
done
just
in
general
for
the
public,
but
at
the
same
time
you're
getting
an
extra
level
of
security
with
the
system
you're
getting
that
extra
single
tenant
environment.
You
know
your
requests
are
coming
through
this
particular
system.
You
can
track
the
packages
and
the
information
that
is
coming
into
your
enterprise.
All
of
your
private
packages
are
in
a
separate
data,
store,
there's
no
multi
tenant
scenario
like
a
scoped
organization
in
our
public
registry.
B
Everything
that
you
create
all
of
your
code
lives
in
its
own
environment,
segregated
from
any
one
hooks's
it's
all
encrypted.
It
rests
and
very
much
protected,
and
on
top
of
that,
because
you're
using
the
real
NPM
registry,
codebase
you're
able
to
continue
to
use
our
audit
functionality
to
maintain
scans
for
vulnerability
farther
up
the
development
chain.
B
Then,
at
your
CI
build
time
or
build
time
or
deployment
time
and
at
and
then
finally
for
larger
organizations,
you
have
that
extended
user
management
that
you
might
need
you're,
not
if
you're
not
dealing
with
ten
users
and
you're
dealing
with
thousands
of
users.
You
don't
want
to
need
to
eat,
invite
each
one
of
them
separately
to
your
particular
NPM
organization.
You
have
SSL
up,
you
have
SSO
control,
you
can
tie
into
your
company's
SSO
system
and
you
have
that
functionalities
but
easily
at
hand
for
managing
your
users.
B
B
So
I
see
a
couple
of
questions
in
here,
and
this
is
a
this
is
a
couple
of
so
let
me
go
ahead
and
go
through
them.
We've
got
quite
a
few
of
them
on
here,
so
why
does
the
NPM
audit
and
filtering
etc
work
better
than
my
existing
third-party
tooling
for
security
scans
I?
Think
one
of
the
main
reasons
is
because
we
have
the
entire
resource
of
our
JavaScript
community.
B
Than
people
and
they're
in
our
database
a
little
bit
earlier,
so
that's
one
area,
but
the
other
area
is
because
NPM
audit
runs
as
part
of
the
CLI
utility.
You
can
discover
these
vulnerabilities
sooner
in
your
build
process
so
rather
than
discovering
it
after
you
check
in
your
code,
you
discover
it
before
you
check
in
your
code
and
you
don't
have
any
issues
with
your
check-in
once
you
do.
It.
B
B
B
Question
an
easy
one
for
here:
how
long
does
it
take
to
get
set
up?
Actually
because
it's
running
in
a
kubernetes,
it's
a
containerized
system
running
in
kubernetes
doesn't
take
us
long
at
all
to
get
it
set
up.
It
might
take
us
longer
to
get
to
to
get
the
the
paperwork
done.
So
it's
a
very
quick
setup
that
we
can
have
spun
up
for
some
money
within
a
couple
of
days.
B
B
One
of
the
other
questions
I
see
in
here
is:
does
artifactory
have
the
same
search
functions
as
npm
Enterprise,
so
I
know,
artifactory
has
the
ability
to
search
NPM
packages,
but
artifactory
search,
only
searches,
the
package
name,
the
biggest
difference
is
the
search
functionality
and
NPM
Enterprise
is
indexing
the
readme
file
as
well.
So
we
have
a
word
searching
a
broader
in
when
you
do
a
search
in
our
site
tool
in
NPM
Enterprise,
it's
searching
more
broadly.
It
makes
things
more
easy
to
discover.
B
So
I
have
a
question
here:
are
you
able
to
whitelist
or
blacklist
certain
packages
for
your
organization?
This
is
actually
a
feature
that
we
are
looking
to
release
very
soon.
A
package
filtering
capability,
I
think
the
first
functionality
is
coming
out
around
whether
we
can
is
allowing
you
to
restrict
certain
packages
based
on
vulnerabilities
and
soon
after
that
white
listing
and
black
listing
is
going
to
become
part
of
this
enterprise
province.
B
B
So
another
question:
my
company
uses
j-dog
artifactory,
which
doesn't
work
great
for
my
team.
Can
we
use
NPM
enterprise
and
artifactory,
or
is
it
a
one
or
the
other
solution?
Actually,
we
are
fairly
complementary
to
an
artifact
managing
tool
like
artifactory,
because
artifactory
focuses
on
a
broad
array
of
languages
that
allow
you
to
manage
those
different
artifacts
from
those
particular
languages.
B
Npm
focuses
specifically
on
Java
and
has
more
functionality
around
allowing
that
kind
of
discoverability
within
JavaScript.
So
it's
kind
of
a
little
bit
of
a
different
level
of
functionality
where
you
see
ourselves
further
up
the
chain
more
as
allowing
you
to
discover
the
libraries
and
pieces
that
you're
going
to
use
for
your
code
rather
as
a
rather
than
a
place
where
you're,
storing
your
you're
necessarily
always
storing
your
code
artifacts,
we
can
be
used
as
that,
but
we
have
much
more
features
farther
up
the
food
chain
than
just
on
being
able
to
store
different
artifacts.
B
Last
question
I've
got
in
here
unless
anyone
wants
to
add
some
more.
What
sort
of
security
features
does
NPM
Enterprise
offer
today
and
are
there
any
new
features
planned?
So
I
talked
a
little
bit
about
the
ability
to
filter
packages,
so
we
do
plan
to
have
the
ability
to
filter
based
on
a
vulnerability
levels,
so
types
of
vulnerabilities.
We
have
the
ability.
We
do
also
plan
to
have
the
ability
to
filter
based
around
license
types.
B
So
you're
going
to
be
able
to
both
report
on
the
types
of
licenses
and
packages
that
your
organization
has
brought
inside,
as
well
as
apply
restrictions
around
those
packages
or
upcoming
features
for
the
product.
I
think
that
actually
answered
a
couple
of
the
questions
that
just
popped
up
as
well
license
type
and
compliance
is
definitely
one
of
the
areas
that
we
had
actually
targeted
when
we
were
thinking
of
enterprise.
B
A
A
Thank
you
Dave,
as
mentioned
earlier
chase,
webinar
will
be
available
on
demand
after
the
live
session
and
is
successful
through
the
same
length
you're
using
now.
We've
also
added
some
related
materials
through
the
attachment
tab
on
your
screen.
Finally,
if
you
like
what
you
heard
today,
please
tweet
out
your
thoughts
on
today's
webinar
using
NPM
stacks.
Thank
you
for
joining.