Policy-Compliant Component Selection for npm
When a user requests an npm package without specifying a version (for example, npm install package) or with a version range, the npm client relies on the package metadata served by the npm registry to select a version that satisfies the version constraints. If the selected version has a policy violation and is quarantined by Sonatype Repository Firewall, the install fails and the build breaks until the root cause is fixed manually.
By enabling this option, Repository Firewall removes quarantined versions from the npm package metadata it serves, so the npm client never selects a version with policy violations in the first place.
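As an added illustration (not code from Sonatype or npm), the following JavaScript models the selection step described above. resolve picks a version from a constructed packument the way npm does (the latest dist-tag for a plain install, otherwise the latest-tagged version if it satisfies the range, else the highest match), and stripQuarantined removes quarantined versions from that metadata before resolution, which is the effect of the option. The package, its versions, and the rule for re-pointing a dist-tag that referenced a removed version are assumptions made for this example; the minimal semver handling covers only the range forms npm writes by default. It also shows the edge case the feature cannot fix: when every version satisfying the range is quarantined, resolution returns null, so the install still fails, only now with no matching version rather than a blocked download.

```javascript
// Added illustration (not Sonatype's or npm's code): how npm picks a version from
// registry metadata (a "packument"), and how filtering quarantined versions out of
// that metadata before it reaches the client changes the result.

// Parse "MAJOR.MINOR.PATCH"; prereleases and build metadata are out of scope here.
function parse(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)$/.exec(v);
  if (!m) throw new Error(`unsupported version: ${v}`);
  return m.slice(1).map(Number);
}

function compare(a, b) {
  const [pa, pb] = [parse(a), parse(b)];
  for (let i = 0; i < 3; i++) if (pa[i] !== pb[i]) return pa[i] - pb[i];
  return 0;
}

// Minimal range check covering the forms npm writes to package.json by default:
// "*", an exact version, "~x.y.z" (same major.minor) and "^x.y.z" (same major,
// or same minor when the major is 0).
function satisfies(version, range) {
  if (range === '*') return true;
  const op = range[0] === '^' || range[0] === '~' ? range[0] : '';
  const base = op ? range.slice(1) : range;
  if (op === '') return compare(version, base) === 0;
  if (compare(version, base) < 0) return false;
  const [vMajor, vMinor] = parse(version);
  const [bMajor, bMinor] = parse(base);
  if (op === '~') return vMajor === bMajor && vMinor === bMinor;
  return bMajor === 0 ? vMajor === 0 && vMinor === bMinor : vMajor === bMajor;
}

// Mirror npm's selection: with no range, use the "latest" dist-tag; with a range,
// prefer the "latest"-tagged version if it satisfies it, else the highest match.
// Returns null when nothing matches, i.e. the "No matching version" failure.
function resolve(packument, range) {
  const latest = (packument['dist-tags'] || {}).latest;
  if (range === undefined) return latest && packument.versions[latest] ? latest : null;
  const candidates = Object.keys(packument.versions).filter((v) => satisfies(v, range));
  if (candidates.length === 0) return null;
  if (latest && candidates.includes(latest)) return latest;
  candidates.sort(compare);
  return candidates[candidates.length - 1];
}

// Filter the packument the way a policy-aware proxy would: drop quarantined
// entries from "versions" and "time", and re-point any dist-tag that referenced a
// removed version to the highest remaining one. That dist-tag rule is an
// assumption for this illustration, not documented Firewall behaviour.
function stripQuarantined(packument, quarantined) {
  const bad = new Set(quarantined);
  const versions = Object.fromEntries(
    Object.entries(packument.versions).filter(([v]) => !bad.has(v)),
  );
  const remaining = Object.keys(versions).sort(compare);
  const highest = remaining.length ? remaining[remaining.length - 1] : undefined;
  const distTags = {};
  for (const [tag, v] of Object.entries(packument['dist-tags'] || {})) {
    if (!bad.has(v)) distTags[tag] = v;
    else if (highest) distTags[tag] = highest;
  }
  const time = Object.fromEntries(
    Object.entries(packument.time || {}).filter(([k]) => !bad.has(k)),
  );
  return { ...packument, versions, 'dist-tags': distTags, time };
}

// Constructed sample metadata for a fictitious package; not a real registry response.
const packument = {
  name: 'example-lib',
  'dist-tags': { latest: '1.4.0' },
  versions: { '1.2.0': {}, '1.3.0': {}, '1.4.0': {}, '2.0.0': {} },
  time: {
    created: '2024-01-01T00:00:00.000Z',
    '1.2.0': '2024-01-01T00:00:00.000Z',
    '1.3.0': '2024-02-01T00:00:00.000Z',
    '1.4.0': '2024-03-01T00:00:00.000Z',
    '2.0.0': '2024-04-01T00:00:00.000Z',
  },
};

// Suppose 1.4.0 is quarantined. Unfiltered metadata makes "^1.2.0" (and a plain
// install) land on it; filtered metadata steers the client to 1.3.0 instead.
const filtered = stripQuarantined(packument, ['1.4.0']);
console.log(resolve(packument, '^1.2.0'), '->', resolve(filtered, '^1.2.0'));
console.log(resolve(packument), '->', resolve(filtered));
```

The point to notice is that the client is never told anything was removed: the same lookup logic runs against smaller metadata, which is why no lockfile or install-command change is needed on the developer's side. Filtering the time map as well matters because some tooling reads publish dates from it, and a stale entry for a version that no longer appears in versions is a common source of confusing errors.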
See the Repository Firewall documentation on policy-compliant component selection.