Node.js powers a massive number of software solutions that businesses use every day, including applications on the web, mobile, and desktop, to API backends, Internet of Things (IoT), and even robotics. With Node.js, enterprises can reap a multitude of benefits including enhanced security, agility, and efficiency and improved user experience. It’s no wonder that many large organizations are employing Node.js as part of their long-term technology strategies. In fact, a recent survey by The Node.js Foundation revealed that 98% of Fortune 500 companies use Node.js regularly.
One company that understands the value of Node.js is NodeSource. Dedicated to helping organizations have a solid foundation for their Node.js adoption journey, NodeSource offers enterprise-grade solutions that specifically target the needs of businesses deploying JavaScript and Node.js. As the most secure and safest Node.js platform, NodeSource enables organizations of all sizes to successfully design, develop, and manage Node.js applications.
SourceForge recently spoke with Thomas DeMeo, the CEO of NodeSource, to discuss the company’s newest, integrated product platform that empowers Engineering and DevOps. DeMeo also highlights the enhancements to NodeSource’s two core products: the Certified Modules and N|Solid Solutions.
Q: First and foremost, can you provide us with a brief background of NodeSource (i.e. year founded, size, solutions, etc.)?

Thomas DeMeo, the CEO of NodeSource
A: NodeSource was founded in 2014 to be the premier vendor for companies adopting Node.js. NodeSource helps organizations run production-ready Node.js applications with greater visibility into resource usage and enhanced awareness around application performance and security. NodeSource takes a solution-based approach to empower our customers with a mix of products, services, support, and training.
The NodeSource product suite includes N|Solid, an enhanced Node.js runtime designed to help manage, monitor, and secure applications, as well as NodeSource Certified Modules (NCM), a security and compliance solution for organizations using public third-party packages. Together, these products mitigate security risks and provide deep operational visibility into mission-critical applications.
Our professional services offerings help teams scale their usage of Node.js by guiding them toward best practices in their architecture, across the entire SDLC and into production. Our expert team provides consulting and training services that continue to receive praise from our customers. We also offer Node.js Support which includes 24/7 coverage for companies running Node in production, in order to provide an extra line of assurance and make our deep expertise available to their developers, architects, and operations engineers.
Q: What are your company’s mission and goals? What challenges does your core solutions seek to solve?
A: Today, Node.js is the fastest-growing open source project on Earth and is used in some capacity by every Fortune 500 organization; there’s massive demand for expertise and solutions.
NodeSource was founded to meet this need and fill the gaps that exist for enterprises attempting to adopt Node.js. Our products and services are designed to fill the gaps in knowledge, assistance, and tools that large companies inevitably experience with Node.js. Previous-generation technologies (like Java) have a mature ecosystem with rich and sophisticated tooling and services; we are racing to build that out for Node.js to support companies that have become accustomed to this kind of environment.
NodeSource’s mission is to empower organizations of all sizes to successfully adopt and integrate Node.js. We do this by providing products and services that enable teams to build, manage, and analyze mission-critical applications while enjoying the huge benefits afforded by Node.js.
Node.js continues to grow in popularity as part of the long-term technology plans in almost all large organizations. NodeSource is positioned to provide a solid foundation for the enterprise Node.js adoption journey.
Q: Tell us a bit more about NodeSource as a company. How does your solution empower DevOps and organizations to successfully design, develop, and manage Node.js applications and thrive in today’s digital era?
A: NodeSource takes a solution-based approach with a mix of products and services to empower organizations with the knowledge, tools and processes they need to safely scale Node.js. We like to think of our entire suite of offerings as “expertise as a service” because even our products are designed to embed our staff’s deep Node.js expertise, scaling us well beyond our ability to be in the room with everyone that needs us.
NodeSource offers two core products that enable organizations to successfully design, develop, and manage Node.js applications and thrive in the modern digital ecosystem.
- Certified Modules is our secure, private registry of trusted Node.js modules. NCM calculates a “trust score” for each public third-party module, monitoring for security vulnerabilities, and dynamically adjusting scores in real time to identify emerging risks. NCM arms developers and DevOps with an understanding of a module’s risk profile, security, and measures important for compliance such as open source licensing schemes. Combined with low-friction enforcement, developers can confidently install and use third-party modules and managers can have a new layer of assurance when interacting with today’s largest and fastest growing open source module ecosystem.
- The N|Solid platform offers insight and control over an entire Node.js deployment, often spanning clusters of thousands of individual processes.
NodeSource N|Solid platform
N|Solid delivers enhanced security inspection and monitoring along with unparalleled visibility into application performance and health. Customizable security policies and real-time vulnerability scanning of third-party JavaScript modules running in production help protect code against malicious attacks. Detailed application metrics help teams identify issues sooner, reduce time to resolution, deliver peak performance, and keep infrastructure costs under control. The ability to reach deeply into Node.js instances in production to analyze performance and inspect state is a unique feature only we can offer because nobody else delivers an enhanced Node.js runtime.
Our consulting, training and 24/7 support services also empower organizations with the knowledge and skills they need to safely adopt Node.js at scale within their organization. In our four years of operation, we have built a team of the best Node.js expertise available to back up our commitments to customers.
Q: Just recently, NodeSource announced the release of a new, integrated product platform for Engineering and DevOps. How does this beta version of the NCM Desktop application empower application development teams as well as small and midsize businesses (SMBs)? And what feedback have you received from the Node.js community so far?
A: To date, most of our customers have been large or enterprise organizations. But our tools offer universal value to Node.js developers and DevOps engineers, regardless of organization size. So, our new integrated product platform, combined with the addition of free and SMB-friendly pricing tiers makes the NodeSource suite more accessible to teams and individuals of all sizes. This release exposes NodeSource’s platform to the 80 percent of the Node.js user base who work at organizations with 1,000 or fewer employees, and we have huge plans for expanding this offering and providing even more value over time. With the addition of a free tier for individuals, we’re looking to help developers build good habits as they work on personal projects.
Q: Aside from this, NodeSource also rolled out updates to two of your core solutions: the NCM Desktop and N|Solid 3.3. How does these new and enhanced solutions improve security, user experience (UX), and accessibility for DevOps teams?
NCM Desktop is a desktop application that augments normal development workflow to instantly surface additional package metadata. It extends our NCM product onto the desktop, with a developer focus.

NCM Desktop Beta Install List
Some of the new features and enhancements of N|Solid 3.3 include:
- The ability to restore Assets (such as CPU profiles and memory snapshots) and Saved Views of an application cluster in case users accidentally delete them. Previously, Assets and Saved Views were gone forever upon deletion.
- An enhanced application cluster scatter plot axis selection model, focusing at first on generally useful metrics and enabling users to dig deeper into other metrics when needed.
- Descriptive tooltips for all of 50+ metrics in the axis selector, which describe what the metric measures.
- Improved performance of page load times when managing clusters comprising large numbers of processes.
Inclusion of the N|Solid runtime component in the new free-forever Developer plan, along with access to Certified Modules.
Q: As advocates of the open source Node.js project, why is an open source approach important to application development?
A: You can’t build modern technology without touching open source in some way. There are good reasons for this: cost, flexibility, speed, reliability, security, and access to the huge collective expertise that now exists in the open source world. You can trace components of Node.js to nginx, Google Chrome, OpenSSL, Mozilla and academic institutions all around the globe. The ability to build on such solid foundations gives every company the ability to focus higher up the value chain, where their core competence exists.
Q: What unique advantages does NodeSource Certified Modules and N|Solid Solutions deliver to the Node.js community? What makes them stand out from other platforms in the market?
A: As interest in Node.js grows and adoption increases, companies are discovering that Node.js’ small-core approach and encouragement of modularity has lead to a massive and vibrant module ecosystem. Of course, this is a huge benefit to Node.js developers, but more companies adopt Node as part of their applicationstack, they are discovering this module ecosystem size and activity is still something of a wild-west.
We built NCM because we hear constant feedback from our customers—they want greater assurance and insight over what their developers are installing and putting into production. When a typical Node.js application has many thousands of dependencies, it’s simply not practical to whitelist every individual module. NodeSource is all about assurance and insight, so NCM has been a logical extension of our offerings.
NodeSource has a unique advantage with N|Solid: we are the only vendor to offer an enhanced Node.js runtime. All other solution providers are restricted by what they can do outside of the Node.js runtime. N|Solid is an augmented Node.js runtime with a deep integration that lets us provide the highest fidelity metrics and insight with the lowest overhead. By bundling useful tooling to provide functionality such as CPU profiling and memory inspection, our users can skip the awkward steps they would otherwise have to make, plus they get access to these tools in their production environment on demand with no overhead. Something that’s otherwise impossible.
Q: Looking ahead, what emerging trends and technologies do you think will impact the open source and Node.js community? And how is NodeSource meeting these head-on?
A: NodeSource has been a major contributor to open source Node.js since our founding. We were key to the formation of the Node.js Foundation and can be credited with some of the critical pieces of the Node.js project; including its innovative governance model, its security handling process, and the enterprise-friendly LTS approach to releases. We have been present for our entire history, advocating for enterprise interests in the Node.js project and helping ensure that Node.js continues its dominance as the next-generation web backend platform.
Of course, the technology world doesn’t stay still. Node.js continues to face challenges and opportunities from the landscape within which it exists. Some of the interesting highlights ahead for Node.js that NodeSource is tracking and assisting with:
- TLS 1.3. The recently ratified next-generation secure web protocol. We are working to bring this to Node.js 10 before it becomes LTS in October.
- Security. We have been participating in ongoing discussions to improve security and assurance for Node.js users. Some of this includes bringing NodeSource technologies like N|Solid’s policies to the open source Node.js project. We are also helping to refine Node’s security reporting and handling procedures to build greater trust the robustness of Node.js.
- ES Modules and JavaScript evolution. The JavaScript specification body, TC39, continues to evolve the language. Most JavaScript developers embrace this change and Node.js needs to evolve to meet the demand. The async/await functionality in JavaScript is causing something of a revolution in JavaScript best practice and Node.js needs to adapt so it doesn’t get in the way of users. The “ECMAScript Modules” specification is a huge challenge for Node.js, which has had its own module system for many years. How to harmonize these two systems in a way that is beneficial to the most users is still being hammered out.
Q: What can customers expect from NodeSource in the future? Are there any new updates or developments customers should look forward to?
A: NodeSource is dedicated to consistently evolving is platform and product offerings and will share new updates over the coming months. Recent changes to our product suite should give some hints about where we are heading and we’re very excited about the future!
But in general, our enterprise focus and exposure to so many companies struggling to make the shift to Node.js gives us incredible insight into the kinds of solutions that companies need when making that journey. Node.js still has a long way to go in terms of supplanting Java as the de-facto backend platform of choice. A large part of this is tooling and the ecosystem of services available to companies attempting that transition—it’s simply not as mature and there are gaps. NodeSource is laser-focused on filling these gaps. We call ourselves The Node.js Company, and our aim is to continue being the company you go to when you need any kind of assurance or assistance for any part of your Node.js journey.
About NodeSource
Headquartered in San Francisco, CA, NodeSource currently employs more than 40 people worldwide. As the most secure and safest Node.js platform, NodeSource offers products and services that help teams to seamlessly design, analyze, and manage mission-critical applications. Some popular customers of NodeSource include Paypal, Mastercard, Conde Nast, Survey Monkey, HomeAway, 21st Century Fox, and Comcast.