“fetching meta data for undefined” – Bug

If you have been running your own VersionEye instance for more than 4 weeks, you might see a message like this in the UI:

“Meta information about the project dependencies are currently fetched from the public VersionEye API. Currently fetching meta data for undefined.”

“undefined” is NOT the name of a dependency! In some cases a variable in JavaScript is undefined. This UI bug is fixed in the newest VersionEye Docker images. Unfortunately, the bug is related to some indexes on the database which are not valid anymore. To fix this permanently you have to drop the “obj_type_id_index” index in MongoDB. That can be achieved with these commands on the VersionEye server:

 docker exec -it mongodb bash
 mongo
 use veye_enterprise;
 db.sync_statuses.dropIndex("obj_type_id_index");
 exit
 exit

That will remove the index and fix the problem permanently. A new index with the same name will be created automatically by a background job within the next 24 hours.

Keep your global NPM modules up-to-date

npm installs modules into a project (package.json), and with the command line flag "-g" it installs modules globally for system-wide use. This is the usual way to install "grunt", "eslint" or "npm" itself.

These globally installed npm modules cannot be monitored. They are not updated by "apt-get" or any other system update. This is usually not a problem on developer machines, but it can lead to problems on servers without interactive logins, such as a Jenkins build server. The new version 1.4 of "versioneye-update" can create a list of the globally installed npm modules and upload it as a package file to VersionEye. The VersionEye server will send you a notification as soon as a new version of one of the globally installed modules is available.
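One way to build such a package file from the JSON listing printed by "npm ls -g --depth=0 --json", as an added example that is not the code of versioneye-update or VersionEye. The sample listing, the host label "jenkins-01" and the function name globalsToPackageFile are constructed for illustration.

```javascript
// Constructed sample of the JSON that `npm ls -g --depth=0 --json` prints.
// The last entry has no version field, as npm reports for a missing module.
const SAMPLE_NPM_LS = JSON.stringify({
  dependencies: {
    grunt: { version: '1.0.1' },
    eslint: { version: '4.2.0' },
    npm: { version: '5.3.0' },
    'broken-mod': { missing: true }
  }
});

// Turn the global listing into a package.json-style object.
// Versions are pinned exactly (no ^ or ~ ranges) so that a monitoring
// service compares against what is really installed on the server.
// hostLabel is a hypothetical label used to tell servers apart.
function globalsToPackageFile(npmLsJson, hostLabel) {
  const tree = JSON.parse(npmLsJson);
  const dependencies = {};
  const skipped = [];
  for (const name of Object.keys(tree.dependencies || {}).sort()) {
    const info = tree.dependencies[name];
    const hasVersion = info && typeof info.version === 'string' &&
      /^\d+\.\d+\.\d+/.test(info.version);
    if (hasVersion) {
      dependencies[name] = info.version;
    } else {
      // Report instead of guessing: an entry without a version cannot be tracked.
      skipped.push(name);
    }
  }
  return {
    packageFile: {
      name: `global-npm-${hostLabel}`,
      version: '0.0.0',
      private: true, // guards against publishing this inventory by accident
      dependencies
    },
    skipped
  };
}

const result = globalsToPackageFile(SAMPLE_NPM_LS, 'jenkins-01');
console.log(JSON.stringify(result.packageFile, null, 2));
console.log('not tracked:', result.skipped.join(', '));
```

On a real server the input would be the captured output of the npm command instead of the embedded sample.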

Read more about this cool feature in the Onwerk blog post. Onwerk is a small company in Mannheim, Germany, specialised in custom software development with Node.JS, JavaScript and .NET. They are very active in the local Node.JS & JavaScript community and they are very interested in working with cutting edge technology.

Perl Support

We just added support for the popular programming language Perl. Right now there are more than 41250 Perl packages in the VersionEye database.


The cpan.org API is crawled once a day to keep the VersionEye database up-to-date. You can follow any of the Perl packages and you will be notified as soon as a new version of the followed package is released.


Besides that, VersionEye can parse & monitor the file format “cpanfile”. A cpanfile describes the dependencies of a Perl project. VersionEye can actively monitor your Perl project on GitHub and notify you about outdated dependencies.

Try out this new feature and feel free to give feedback.

Rust Security

As of today, VersionEye has support for Rust security vulnerabilities. Altogether, VersionEye is now aggregating 8 security databases. If a Rust package is vulnerable, the security issue is shown directly on the Rust VersionEye page. Here is an example:

[Screenshot]

If VersionEye is monitoring a Rust project for you and one of your dependencies is vulnerable, you will be notified via email.

Try out this new feature and give us feedback. We would love to hear from you.

 

Support for Elixir & Hex

VersionEye supports a wide range of languages and package managers and we are continuously adding new languages & package managers. The latest addition is the package manager Hex for the Elixir language.


Currently we have 4336 Elixir packages from Hex.pm in our database and we crawl hex.pm once a day. You can follow any of the Elixir packages to get notified about new releases. Besides that, VersionEye can monitor your mix.exs files on GitHub.

Try out this new feature and let us know how you like it.

Default License Whitelist

In VersionEye it’s very easy to set up a license whitelist. A license whitelist describes the licenses which are allowed in your organisation. You can even have multiple license whitelists per organisation. That way different projects can have different license whitelists. That makes total sense because licenses have different obligations. Some licenses can be used in a cloud environment but not for mobile apps.

However, most people don’t know much about software licenses. They simply don’t know what to put on a license whitelist and what not. That’s why VersionEye has a default license whitelist now. It contains a small set of software licenses which can be used in any environment. The default license whitelist currently contains these licenses:

  • Apache-1.0
  • Apache-1.1
  • Apache-2.0
  • BSD
  • BSD-2-Clause
  • BSD-3-Clause
  • BSD-4-Clause
  • BSD-4-Clause-UC
  • CC0
  • CC0-1.0
  • ISC
  • MIT
  • Public Domain
  • WTFPL

This license whitelist always has the name “default_lwl” and for newly created organisations it’s marked as the default license whitelist. That means it gets assigned to all newly created projects and all the project dependencies are compared against that whitelist.


Of course you can edit the “default_lwl” any time. You can remove licenses from it and you can add new licenses to it any time. It’s just a suggestion to start with.
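A sketch of comparing project dependencies against the default whitelist above, as an added example that is not VersionEye's own matching code. The handling of "OR" / "AND" license expressions, the case-insensitive comparison and the sample dependencies dep-a to dep-e are assumptions made for illustration.

```javascript
// The default whitelist ("default_lwl") as listed in the post.
const DEFAULT_LWL = [
  'Apache-1.0', 'Apache-1.1', 'Apache-2.0', 'BSD', 'BSD-2-Clause', 'BSD-3-Clause',
  'BSD-4-Clause', 'BSD-4-Clause-UC', 'CC0', 'CC0-1.0', 'ISC', 'MIT', 'Public Domain', 'WTFPL'
];

// Assumption: names match case-insensitively; "A OR B" passes if either side
// is whitelisted, "A AND B" only if both are. Missing or unparseable license
// strings (e.g. unbalanced parentheses) count as not allowed.
function isAllowed(licenseExpr, whitelist) {
  const allowed = new Set(whitelist.map((l) => l.toLowerCase()));
  const tokens = String(licenseExpr || '')
    .split(/(\(|\)|\s+AND\s+|\s+OR\s+)/i)
    .map((t) => t.trim())
    .filter((t) => t.length > 0);
  let pos = 0;
  const isOp = (op) => pos < tokens.length && tokens[pos].toUpperCase() === op;
  function atom() {
    const t = tokens[pos++];
    if (t === '(') {
      const inner = anyOf();
      if (tokens[pos++] !== ')') throw new SyntaxError('unbalanced parentheses');
      return inner;
    }
    if (t === undefined || t === ')') throw new SyntaxError('license name expected');
    return allowed.has(t.toLowerCase());
  }
  function allOf() { // AND binds tighter than OR
    let ok = atom();
    while (isOp('AND')) { pos++; ok = atom() && ok; }
    return ok;
  }
  function anyOf() {
    let ok = allOf();
    while (isOp('OR')) { pos++; ok = allOf() || ok; }
    return ok;
  }
  try {
    return tokens.length > 0 && anyOf() && pos === tokens.length;
  } catch (err) {
    return false;
  }
}

// Returns the dependencies that violate the whitelist.
function licenseViolations(dependencies, whitelist = DEFAULT_LWL) {
  return dependencies
    .filter((d) => !isAllowed(d.license, whitelist))
    .map((d) => ({ name: d.name, license: d.license || 'UNKNOWN' }));
}
```

Passing an edited copy of the list as the second argument models a customised “default_lwl”.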

Let us know how this works out for you.

New project view with more details

VersionEye can monitor your software project and notify you about outdated dependencies, license violations and security vulnerabilities. Up to now we had a separate tab for each of them in the project view page. That was a bit confusing and many users didn’t even notice that there are different tabs. That’s why we improved that. Now there is one unified table view which shows all the desired information. Here is an example:

[Screenshot]

Everything that is red is an issue. In the above example you can see immediately which dependencies have security vulnerabilities, which are outdated and which are violating your license whitelist! There is no need to switch between tabs anymore!

The header was refactored, too. Now you can download all the available project exports from the same page. By the way, the version.pdf export is new 😉 Besides that, you can download the license.pdf and security.pdf for your project here.


We skipped the license tab completely but kept the security tab because it’s still a nice summary of the security vulnerabilities!

Let us know how you like this new view.