npm brings managed code registry to the enterprise

Open source JavaScript developer tools provider npm, Inc. has announced a new solution that will enable enterprises and large organizations to work with its software registry. Npm Enterprise is a managed deployment of the npm registry designed with enterprise-grade security, compliance and access control, the company explained.

“Approximately 100% of the world’s enterprises acquire over 97% of their JavaScript from the npm Public Registry, making the introduction of npm Enterprise essential for professionalization of JavaScript development,” said Bryan Bogensberger, CEO of npm, Inc. “With npm Enterprise, we are giving JavaScript developers the npm tools they love while providing the enterprise with enhanced visibility, security and control. The result: happiness throughout organizations everywhere.”

According to the company, enterprise developers used to only be able to share code via email or an artifact store, which limited their ability to reuse and scale.

Npm Enterprise will feature a cloud-deployed registry to enable the publication and sharing of public packages. Companies will also get their own website for developer access control and other permissions. In addition, developers will have a choice to publish private packages or open-source packages for anyone to access.

Other features include:

  • Dedicated single-tenant hosting in a Kubernetes cluster
  • Support for industry-standard SSO authentication
  • Role-based access control for managing access and publication of modules
  • Sharing of private packages between and across teams
  • Customizable workflows for code collaboration and seamless CI/CD system integration
  • Notification of known vulnerabilities through “npm audit”


The post npm brings managed code registry to the enterprise appeared first on SD Times.

via Click on the link for the full article

The Linux Foundation launches new project to enable Linux in safety-critical applications

The Linux Foundation has announced a new open-source project that will provide a shared set of tools designed to help companies build and certify Linux-based safety-critical applications. According to the foundation, Enabling Linux in Safety Applications (ELISA) will make it easy for companies to build systems such as robotic devices, medical devices, smart factories, transportation systems, and autonomous driving using Linux.

The foundation explained safety-critical systems have to meet certain functional safety objectives and companies need to be able to demonstrate that their systems meet those objectives. Before ELISA, there was no clear way for certifying Linux, making it difficult for companies to prove that Linux-based systems meet those requirements.

“All major industries, including energy, medical and automotive, want to use Linux for safety-critical applications because it can enable them to bring products to market faster and reduce the risk of critical design errors. The challenge has been the lack of the clear documentation and tools needed to demonstrate that a Linux-based system meets the necessary safety requirements for certification,” said Kate Stewart, senior director of strategic programs at The Linux Foundation. “Past attempts at solving this have lacked the critical mass needed to establish a widely discussed and accepted methodology, but with the formation of ELISA, we will be able to leverage the infrastructure and support of the broader Linux Foundation community that is needed to make this initiative successful.”

The Linux Foundation will work with certification authorities and standardization bodies on ELISA. ELISA will also “define and maintain a common set of elements, processes and tools that can be incorporated into Linux-based, safety-critical systems amenable to safety certification.”

Other goals of ELISA include developing reference documentation, educating the open source community on safety engineering best practices, enabling continuous feedback from the community, and providing incident and hazard monitoring for critical components.

The founding members of ELISA include Arm, BMW Car IT GmbH, KUKA, Linutronix and Toyota.


The post The Linux Foundation launches new project to enable Linux in safety-critical applications appeared first on SD Times.

via Click on the link for the full article

SD Times news digest: ActiveState’s Open-Source Language Automation Blueprint, Segment’s Startup Program, and Google’s updated target API level requirements

ActiveState has launched a new methodology for implementing open-source language. Its Open-Source Language Automation Blueprint will provide guidelines for decreasing the costs and risks associated with managing open-source languages.

The blueprint is broken down into four phases: defining open-source language policies, centralizing open-source language dependencies, automating open-source language builds, and deploying and managing open-source language artifacts.

More information is available here.

Segment launches Segment Startup Program
Customer data platform provider Segment is trying to help startups start off on the right foot with its new Segment Startup Program. The program is designed to empower customers to access and use data to grow their business. The program offers a free Team Plan that includes more monthly tracked users than the existing Developer Plan and includes unlimited sources and destinations.

According to the company, the program will also include deals from partners like AWS, Google, Mode, Intercom, and In addition, it aims to provide customers with access to resources on topics such as data collection, analytics, and product-market fit.

Google updates its target API level requirements
Google has announced that it is changing its target API level requirements this year. Come August 2019, new apps will need to target API level 28 or higher, and then in November 2019, updates to existing apps will need to target that level of higher.

According to Google, existing apps that do not receive updates are not affected and can still be downloaded from the Play Store.

In addition, new apps will receive warnings during installation if they do not target at least API level 26, and new versions of existing apps will receive that same warning in November 2019. Starting in 2020, the target API level requirement will advance every year.

Google Cloud Services Platform now in beta
Google has launched a beta of its Cloud Services Platform (CSP). According to Google, CSP simplifies the process of building, running, and managing services, and is a less disruptive approach than current hybrid offerings.

“CSP can make your organization more productive with add-on tools that improve the efficiency of your entire IT team: IT operators benefit from a single unified platform to manage applications and services that span multiple environments. Developers gain a secure foundation on which to build scalable, efficient applications based on containers and microservices. Additionally, security teams get consistent tooling to secure their software supply chain and improve run-time security. With CSP we are partnering with our customers to realize their modernization and hybrid goals,” Google wrote in a post.

The post SD Times news digest: ActiveState’s Open-Source Language Automation Blueprint, Segment’s Startup Program, and Google’s updated target API level requirements appeared first on SD Times.

via Click on the link for the full article

SD Times Open-Source Project of the Week: NoFlo

The developers of this week’s highlighted project say their idea isn’t new, harkening back to a 1970s development paradigm from IBM, but that its support for any JavaScript transpiling language and its ecosystem of existing tools and integrations makes flow-based programming of JavaScript components more accessible. NoFlo is an open-source flow-based programming implementation for JavaScript,

The project pulls its explanation of flow-based programming from Wikipedia, which states: “In computer science, flow-based programming (FBP) is a programming paradigm that defines applications as networks of ‘black box; processes, which exchange data across predefined connections by message passing, where the connections are specified externally to the processes. These black box processes can be reconnected endlessly to form different applications without having to be changed internally. FBP is thus naturally component-oriented.”

On the project’s GitHub repository, the developers highlight how the modular nature of flow-based programming emulates Alan Kay’s original definition of object-oriented programming, as well as the well-known Unix philosophy of writing programs that do one thing well and work well together.

“NoFlo is not a web framework or a UI toolkit,” the developers explained. “It is a way to coordinate and re-organize data flow in any JavaScript application. As such, it can be used for whatever purpose JavaScript can be used for. We know of NoFlo being used for anything from building web servers and build tools, to coordinating events inside GUI applications, driving robots, or building Internet-connected art installations.”

NoFlo isn’t a standalone implementation, but part of the Flowhub platform of IDE and consulting services for development of IoT systems and web services. And NoFlo already has a number of tools in its ecosystem:

  • Flowhub — browser-based visual programming IDE for NoFlo and other flow-based systems
  • noflo-nodejs — command-line interface for running NoFlo programs on Node.js
  • MsgFlo — for running NoFlo and other FBP runtimes as a distributed system
  • fbp-spec — data-driven tests for NoFlo and other FBP environments
  • flowtrace — tool for retroactive debugging of NoFlo programs. Supports visual replay with Flowhub

NoFlo can be installed via NPM for Node.js and more information about the JavaScript implementation can be found at the project’s GitHub repository.

The post SD Times Open-Source Project of the Week: NoFlo appeared first on SD Times.

via Click on the link for the full article

JFrog acquires Shippable for CI/CD capabilities

DevOps company JFrog has announced its intention to acquire Shippable for its cloud-native and Kubernetes-ready CI/CD capabilities.

Shippable is DevOps and CI automation solution provider that offers an assembly platform for shipping software faster.

JFrog plans on incorporating Shippable’s solutions into its platform to create a comprehensive DevOps pipeline solution, the company explained.

Shippable’s technology will enable JFrog customers to more completely automated their development processes.

“With expertise in CI/CD pipeline automation, Shippable’s DevOps “Assembly Line” technology will provide a leap forward for JFrog’s platform, Enterprise+. Coupled with JFrog’s industry-leading artifact repository management, distribution, and security vulnerability scanning solutions, this acquisition will allow JFrog customers to automate their software development processes from the moment code is committed through to production,” Kit Merker, VP of business development for JFrog, wrote in a post.

Shippable’s employees will join JFrog following the acquisition. The first technology integrations will be released in the JFrog Enterprise+ platform in the summer. Following that, Shippable will be fully integrated with JFrog by Q3 of 2019.

“We’re immensely excited to welcome Shippable into JFrog, and eager to convert their expertise and products into unmatched value for JFrog customers,” said Shlomi Ben Haim, co-founder and CEO of JFrog. “The modern DevOps landscape requires ever-faster delivery with more and more automation. Shippable’s outstanding hybrid and cloud native technologies will incorporate yet another best-of-breed solution into the JFrog platform. Coupled with our commitments to universality and freedom of choice, developers can expect a superior out-of-the-box DevOps platform with the greatest flexibility to meet their DevOps needs.”

The post JFrog acquires Shippable for CI/CD capabilities appeared first on SD Times.

via Click on the link for the full article

The LF Deep Learning Foundation picks up the deep probabilistic programming language Pyro

The LF Deep Learning Foundation has accepted Pyro as its latest project. The LF DL Foundation is a Linux Foundation project meant to accelerate the growth of artificial intelligence, machine learning and deep learning open-source projects. Pyro is a probabilistic programming framework created by Uber that is designed to bring together the best of both modern deep learning and Bayesian modeling.

“Today’s announcement of Uber’s contribution of the project brings us closer to our goal of building a comprehensive ecosystem of AI, machine learning and deep learning and projects,” said Ibrahim Haddad, Executive Director of the LF DL. “We look forward to helping to grow the community contributing to and using Pyro to further improve forecasting and other capabilities.”

Uber initially designed Pyro with four principles at its core: It wanted to create a framework that was universal, scalable, minimal, and flexible. Pyro can represent any computable probability distribution, scales to large data sets, is implemented with a small core of composable abstractions and aims for automation and control, the foundation explained. Uber decided to open source the project in 2017 with the hopes that the scientific community would be able to collaborate on making AI tools “more flexible, open, and easy-to-use.”

According to the foundation, Pyro solves challenges related to sensor fusion, time series forecasting, ad campaign optimization, and data augmentation for deep image understanding.

“Pyro was originally created at Uber AI Labs to help make deep probabilistic programming faster and more seamless for AI practitioners in both industry and academia,” said Zoubin Ghahramani, head of Uber AI Labs. “By incorporating Pyro into the LF DL portfolio, we hope to facilitate greater opportunities for researchers worldwide and make deep learning and Bayesian modeling more accessible.”

Pyro is the fifth project to join the LF Deep Learning Foundation, and joins Acumos AI, Angel, EDL and Horovod. In addition, Pyro is already being used by companies like Siemens, IBM, Noodle.AI and universities such as MIT, Harvard and Stanford.

The post The LF Deep Learning Foundation picks up the deep probabilistic programming language Pyro appeared first on SD Times.

via Click on the link for the full article

SD Times news digest: Google acquires Alooma, NativeScript 5.2, and Sourcegraph 3.1

In an effort to make cloud migration simpler, Google is acquiring data migration company Alooma. According to Google, Alooma’s data pipeline tool helps organizations streamline their database migrations by enabling them to move data from multiple sources into a single data warehouse.

Alooma will also bring its extensive knowledge and expertise of enterprise and open-source databases.

“Here at Google Cloud, we’re committed to helping enterprise customers easily and securely migrate their data to our platform. The addition of Alooma, subject to closing conditions, is a natural fit that allows us to offer customers a streamlined, automated migration experience to Google Cloud, and give them access to our full range of database services, from managed open source database offerings to solutions like Cloud Spanner and Cloud Bigtable,” Google wrote in a post.

NativeScript 5.2 adds official support for Vue.js
NativeScript 5.2 has been released with official support for Vue.js. While the NativeScript-Vue effort started by Igor Randjelovic has allowed NativeScript and Vue applications to be created, this release is the first time that Vue.js will be officially supported, the company explained.

Official support will offer feature parity between Vue.js, Angular, and Core frameworks; plugin compatibility with Vue.js; and NativeScript Enterprise Support for NativeScript-Vue projects.

Sourcegraph 3.1 now available
Sourcegraph 3.1 has been released. This release offers stability and documentation improvements, including a query builder for searching code, improved go-to-definition and hover tooltips, site admin improvements, improved configuration management and documentation, and new extension APIs.

In addition, new versions of Sourcegraph will be released every month on the 20th of every month.

.NET core 1.0 and 1.1 to reach end of life in June
Microsoft has announced that .NET Core 1.0 and 1.1 will reach their End of Life on June 27, 2019. What this means is that .NET Core patches will not include updated packages or container images for those versions after that date.

Microsoft recommends that users upgrade to .NET Core 2.1 or 2.2 before end of life happens.

The post SD Times news digest: Google acquires Alooma, NativeScript 5.2, and Sourcegraph 3.1 appeared first on SD Times.

via Click on the link for the full article

Redis Labs switches open-source licensing model

In response to the negative reaction to its move to a Commons Clause licensing model, Redis Labs today is introducing the Redis Source Available License (RSAL) for Redis Modules. Redis Modules are add-ons to the Redis database.

Last year, the company caused a lot of controversy and confusion when it included the Commons Clause with its licenses. This led a lot of the open-source community to pronounce Redis Labs’ open-source project proprietary software because it did not meet the Open Source Initiative’s (OSI) definition of open source. The OSI is a non-profit organization dedicated to the promotion of open source. If a software license. If a particular license is not OSI-approved the majority of the open-source community will not consider any software using that license truly open sourced.


The Commons Clause causes open-source disruption

OSI weighs in on open-source licensing conflict

New software licenses aim to protect against cloud providers

The Commons Clause was created as a way to protect smaller open-source driven companies against technology giants and cloud providers taking advantage of projects for their own monetary gain without contributing to the project or community itself. But because of the nature of the clause and the restrictions it adds to existing open-source licenses, a majority of the open-source community believed it directly violated the idea of open source. According to the OSI, a license must not restrict users from using the program.

Since Redis Labs announced it was moving its Redis Modules from AGPL to Apache2 modified with the Commons Clause, a number of other companies have developed their own solutions to the problem. For instance, MongoDB created the Server Side Public License for its open-source software (the license is under review by the OSI), and Confluent announced the Confluent Community License. As a result, Redis Labs decided to rethink the way it was handling the situation.

“Each company took a different approach, but all shared the same goal — stopping cloud providers from taking successful open-source projects that were developed by others, packaging them into proprietary services, and using their monopoly power to generate significant revenue streams,” Yiftach Shoolman, co-founder and CTO of Redis Labs, wrote in a post. “During this period, we also received honest feedback from multiple users about how we could further improve our license to favor developers’ needs.”

Based on the feedback, the company found the Apache2 modified by Commons Clause approach caused too much confusion, the clause’s language lacked clarity, and the restrictions worked against the company’s original intention to grow its ecosystem.

RSAL was designed to address these issues. “RSAL grants equivalent rights to permissive open-source licenses for the vast majority of users,” Shoolman wrote. “With RSAL, developers can use the software; modify the source code; integrate it with an application; and use, distribute or sell their application. The only restriction is that the application cannot be a database, a caching engine, a stream processing engine, a search engine, an indexing engine or an ML/DL/AI serving engine,” Shoolman wrote.

Additionally, the company notes that this will have no impact on the Redis core license, “which is and will always be licensed under the 3-Clause-BSD,” the company explained.  and it will not be limiting the functionality of open-source Redis by moving its core components to closed source. The company has not announced plans to submit the RSAL for OSI approval. “Although the source code is available under RSAL, according to the Open Source Initiative (OSI), an open source license cannot include limitations. Therefore, certain restrictions imposed by RSAL mean that any software under this license is not open source by definition. However, in practice, RSAL is very similar to permissive open-source licenses, and only restricts cloud providers from gaining commercial benefit from software that was not developed by them,” Redis Labs wrote in a description of the license.

“This open approach sometimes works against our commercial interest, since the cloud providers don’t have to do much in order to offer a viable Redis service. But we have a much bigger vision of helping modern applications provide instant experiences to their users,” Shoolman added.  “We believe those cloud providers that build the right collaboration infrastructure will be the ones that eventually benefit the most from open-source projects.”

The post Redis Labs switches open-source licensing model appeared first on SD Times.

via Click on the link for the full article

PDF word processor FlexiPDF 2019 now available

The German software developer SoftMaker today released the 2019 version of its PDF editor, FlexiPDF. The program allows users to edit PDF files as easily as with a classic word processor: FlexiPDF masters the processing of text, graphics and drawings, as well as the export of PDF files to various target formats. Numerous new features and a redesigned user interface complete the 2019 version.

In brief:

  • FlexiPDF 2019 for Windows is available now
  • Edit PDFs as with a word processor: change text and formatting across paragraphs and pages, insert images and drawings, work with whole pages, etc.
  • Users can create PDFs from any Windows program.
  • Export PDFs to TextMaker, Microsoft Word, HTML, RTF and the e-book format ePUB
  • FlexiPDF Professional offers scanning and optical character recognition (OCR)
  • Numerous new features added: creation of interactive forms, side-by-side comparison, snapshots and many more
  • Available as either a purchase or a subscription

At the end of 2016, SoftMaker debuted with the powerful PDF editor FlexiPDF 2017.

The successor, FlexiPDF 2019, was released today. Like the previous version, it distinguishes itself by making the editing of PDF documents as easy as working with a word processor. Users can edit, add, delete and format text across paragraphs, columns and pages. Inserting and editing drawings, comments and graphics is just as simple.

The new version comes with many improvements. It offers sophisticated solutions to daily tasks that arise with PDFs, such as working with forms. FlexiPDF 2019 gives users the ability to not only fill out forms, but also create new ones, with interactive check boxes, selection lists, input fields and other form objects.

With the new “side-by-side” feature, two PDF files can be compared at lightning speed, and with Bates numbering, users can produce a stack of PDF files at the touch of a button, individually numbered in a freely selectable format.

The graphics capabilities of FlexiPDF have also been enhanced with some useful features. The new snapshot tool makes it possible to quickly capture areas of PDF pages and save them as graphic files. If users want to edit an image in a PDF file, they no longer have to export it, edit it in a separate program, then reimport and reposition it. Now they can open an image editor directly from FlexiPDF with the click of a mouse. FlexiPDF automatically takes care of reimporting.

Completely redesigned user interface

It’s not just new features that make FlexiPDF desirable; the user interface has also been completely redesigned. All icons on the toolbars have been restyled based on SoftMaker’s second major product, SoftMaker Office 2018. As with the Office suite, FlexiPDF 2019 also offers a touchscreen mode with large icons for touchscreens and high-resolution displays.

Available as purchase or subscription

FlexiPDF 2019 is available in stores or directly from SoftMaker. In order to be able to offer each customer the right licensing model, SoftMaker provides the new version of the PDF editor as either a purchase or a subscription.

The purchase versions of FlexiPDF Professional 2019 and FlexiPDF Standard 2019 are available for €/US$ 79.95 and €/US$ 59.95 respectively. An annual subscription costs €/US$ 39.90 for FlexiPDF NX Universal or €/US$ 29.90 for FlexiPDF NX Home. Existing customers can upgrade for a nominal fee.

A free trial version of the software can be downloaded from the SoftMaker website.

The post PDF word processor FlexiPDF 2019 now available appeared first on SD Times.

via Click on the link for the full article

CAST Software creates index for Software Heritage open-source repository

To help its customers ensure the open-source software they use doesn’t pose licensing or vulnerability risks, CAST Software this week announced a partnership with Software Heritage under which CAST will create a provenance index of the heritage’s repository.

RELATED CONTENT: Preserving software’s legacy

The partnership is a result from CAST’s acquisition last fall of Antelink, a software component analysis company that holds several patents that underlie CAST’s ability to index the repository.

Software Heritage, a non-profit dedicated to building a universal archive of source code, has some 88 million open-source projects with 5.6 billion source files in its repository. Lev Lesokhin, EVP of strategy and analytics at CAST, described it as “the largest repository out there. The patents we acquired with this technology that we bought has a patent for an index to search through Software Heritage, to be able to go backwards and find the provenance, the origin, of any component in this repository. Without this index it’s a brute-force search that’s like impossible to do,” Lesokhin told SD Times.

The index, when connected to the company’s software intelligence platform CAST Highlight, will be able to identify third-party source code and detect any risks that might be associated with it, the company said.

“The lack of software intelligence around open-source versioning and licensing puts many companies in danger of losing valuable IP, as most executives are unaware of their risk exposure,” CAST founder and CEO Vincent Delaroche said in the announcement. “Business leaders should be aware when open source and other external components in code expose their organization to non-compliance, legal action and possible loss of proprietary IP.”

CAST Software has always been about software intelligence, and last October, built SCA capabilities into its Highlight product, Lesokhin said, enabling the company to go after WhiteSource and Black Duck in the open-source software analysis market, Lesokhin said.

The post CAST Software creates index for Software Heritage open-source repository appeared first on SD Times.

via Click on the link for the full article