Chainguard, a trusted foundation for software development and deployment, is launching Chainguard Libraries for JavaScript, a collection of trusted builds of thousands of common JavaScript dependencies that are malware-resistant and built from source on SLSA L2 infrastructure.
By securely building every library and all its dependencies from source, Chainguard Libraries for JavaScript provides security and engineering teams with confidence that malware has not been inserted during the build or distribution of libraries in the JavaScript ecosystem, eliminating a significant gap in the threat landscape, according to the company.
With Chainguard Libraries for JavaScript, Chainguard offers protection for one of the most critical and vulnerable parts of the supply chain: the language dependencies that developers rely on to build and deploy applications.
Chainguard Libraries for JavaScript integrates with existing artifact managers, such as JFrog Artifactory and Sonatype Nexus, to empower application security teams to close this massive security hole while fitting how developers already work.
As with Chainguard Libraries for Java and Python, Chainguard is building every dependency for every JavaScript library from source, combating malware injection at the build and distribution links of the open source supply chain. Isolating and rebuilding the shared system dependencies required by JavaScript libraries allows Chainguard to eliminate an additional hidden attack vector stemming from bundled software components, the vendor said.
"Chainguard is the first to rebuild JavaScript libraries from source at scale. We are expanding on the work already completed with Chainguard Libraries for Java and Python to JavaScript, the most popular programming language in the world," said Patrick Donahue, SVP of product, Chainguard. "We're rebuilding every component we publish from source so organizations can mitigate malware, have clear visibility into what exactly is in their software, and eliminate the risk of hidden supply chain vulnerabilities. Ultimately, we're providing a secure, trusted source of JavaScript libraries that allows enterprises to remove friction and add security without asking developers to change how they build and deploy software."
According to the company, Chainguard Libraries for JavaScript furthers its mission to make open source software trustworthy by default and gives customers greater confidence to ship products more efficiently and securely.
Chainguard now helps organizations secure even more of the modern development stack, from the OS and runtime environment, with minimal, zero-CVE containers and virtual machines, up to the application layer, with language libraries for Python, Java, and now JavaScript.
For more information about this news, visit www.chainguard.dev.