NPM Package Search
The NPM Package Search feature allows you to search for NPM packages that were added in pull requests (PRs) within your organization. This feature helps you identify where a specific package has been used across repositories and PRs — useful for dependency management, vulnerability tracking, and incident response.
You can perform searches at both the organization level and the tenant level, depending on your scope of access.

If an NPM package is later found to be compromised or to contain a vulnerability, you can use this feature to:
Identify all PRs where that package was added.
Understand the potential blast radius across your repositories.
Take targeted remediation steps such as reverting affected PRs or patching vulnerable dependencies.
How to Use NPM Package Search
Step 1: Navigate to StepSecurity Dashboard

Step 2: Access NPM Package Search
In the sidebar, click Artifact Security → NPM Package Search.

Step 3: Select Your Search Configuration
Search Scope
Organization Search: Explore packages within your current organization.
Tenant Search: Explore packages across all organizations in your tenant.
Search Type
Custom Search: Manually specify packages to look for.
Compromised Packages Search: Focus on known compromised or vulnerable packages.
You can also filter by repositories or time range to narrow your results.

Step 4: Add Packages to Search
Enter the names (and versions, if applicable) of the NPM packages you want to search for.
You can add as many packages as you need.

Step 5: Run the Search
After adding the desired packages, click Search.

Step 6: Review Search Results
If the specified packages were added in any PRs within your organization, they will appear in the results. Click a result to view details.

Step 7: View the Pull Request
You will be redirected to the corresponding pull request where the NPM package was introduced.

Step 8: Investigate Package Usage
From the PR view, you can track exactly where and how the package was added to understand its impact.
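
To cross-check a single result outside the dashboard, the following added example (not StepSecurity code, and not a description of how the feature is implemented) compares the package-lock.json from a PR's base and head and reports the watched packages that the PR introduced, including transitive ones. It assumes lockfile version 2 or 3; the function names and all sample packages are constructed for illustration.

```javascript
// Assumes lockfile v2/v3: a "packages" map keyed by node_modules paths.
// "node_modules/a/node_modules/@s/b" -> "@s/b"; the root entry "" -> null
function nameFromPath(p) {
  const i = p.lastIndexOf("node_modules/");
  return i === -1 ? null : p.slice(i + "node_modules/".length);
}

// Flatten a lockfile into a Set of "name@version" strings.
function installed(lock) {
  const out = new Set();
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    const name = nameFromPath(path);
    if (name && meta.version) out.add(`${name}@${meta.version}`);
  }
  return out;
}

// Parse "pkg", "pkg@1.2.3", "@scope/pkg" or "@scope/pkg@1.2.3".
function parseEntry(entry) {
  const at = entry.lastIndexOf("@"); // index 0 is a scope marker, not a version
  return at > 0
    ? { name: entry.slice(0, at), version: entry.slice(at + 1) }
    : { name: entry, version: null };
}

// name@version pairs present in the PR head, absent from the base, and watched.
function findIntroduced(baseLock, headLock, watchlist) {
  const before = installed(baseLock);
  const wanted = watchlist.map(parseEntry);
  return [...installed(headLock)]
    .filter((id) => !before.has(id))
    .filter((id) => {
      const { name, version } = parseEntry(id);
      return wanted.some((w) => w.name === name && (w.version === null || w.version === version));
    })
    .sort();
}

// Constructed sample lockfiles and watchlist (not real packages).
const baseLock = { lockfileVersion: 3, packages: {
  "": { name: "demo-app", version: "1.0.0" },
  "node_modules/example-logger": { version: "2.0.0" } } };
const headLock = { lockfileVersion: 3, packages: {
  "": { name: "demo-app", version: "1.0.0" },
  "node_modules/example-logger": { version: "2.0.1" },
  "node_modules/@example/colors": { version: "1.4.0" },
  "node_modules/example-logger/node_modules/example-pad": { version: "0.3.1" } } };
const watchlist = ["example-logger@2.0.1", "@example/colors", "example-pad@9.9.9"];
console.log(findIntroduced(baseLock, headLock, watchlist));
```

A watchlist entry without a version matches any version of that package, and a version bump counts as an introduction because the new name@version pair was absent from the base lockfile.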
