novu-framework-integration
Pass
Audited by Gen Agent Trust Hub on May 11, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Recommends the installation of official vendor packages (
@novu/framework,@novu/api) and trusted libraries (zod,i18next,react-email) from the NPM registry. - [EXTERNAL_DOWNLOADS]: Utilizes official vendor tools including the Novu CLI via
npxand GitHub Actions (novuhq/actions-novu-sync) for environment synchronization and CI/CD operations. - [COMMAND_EXECUTION]: Provides instructions for executing standard CLI tasks such as project initialization (
npx novu init) and local development server management within a secure development workflow. - [SAFE]: Documents robust security features for the Bridge Endpoint, including default HMAC signature verification to authenticate requests from Novu Cloud.
- [SAFE]: Employs multi-layer schema validation (Zod, JSON Schema, Class-Validator) for both trigger payloads and step controls to ensure data integrity and prevent injection of malformed data.
Audit Metadata