# Angular

Endless Lifecycle Support (ELS) for Angular from TuxCare provides security fixes for Angular versions that have reached their end of life. This allows you to continue running Angular applications without vulnerability concerns, even after official support has ended.

# Supported Angular Versions

Angular versions from 4 to 18 are supported.

# Connection to ELS for Angular Repository

This guide outlines the steps needed to integrate the TuxCare ELS for Angular repository.

# Prerequisites

Before you begin, ensure you have npm up to date and you use version 9.6.3 or later for security and compatibility reasons.

• To check your current versions, run:

  npm --version
  

• To update npm globally on your system, you can run:

  npm install -g npm@latest
  

# Step 1: Get Token

You need a token in order to use TuxCare ELS Angular repository. Anonymous access is disabled. To receive the token, please contact sales@tuxcare.com.

# Step 2: Set Up ELS for Angular

TuxCare provides ELS for Angular as an NPM package, hosted on a secure internal registry. Follow the steps below to add it to your project and get started.

1. Navigate to the root directory of your Angular project.

2. Create a .npmrc file or update it if it already exists.

   Example:

   my-angular-project/
   ├── src/
   ├── angular.json
   ├── package.json
   ├── .npmrc         ⚠️ ← Create it here
   └── tsconfig.json
   

3. Use an editor of your choice (e.g., VS Code) to add the following registry address line:

   registry=https://registry.npmjs.org/
   @els-angular:registry=https://nexus.repo.tuxcare.com/repository/els_angular/
   //nexus.repo.tuxcare.com/repository/els_angular/:_auth=${TOKEN}
   

   Replace ${TOKEN} with the token you received from sales@tuxcare.com.

4. Manually update your package.json file by replacing your Angular dependencies with the TuxCare packages.

   Choose Angular version: Angular 18Angular 17Angular 16Angular 15Angular 14Angular 13Angular 12Angular 11Angular 10Angular 9Angular 8Angular 7Angular 6Angular 5Angular 4

   Use "SSR ON" if your project is configured with Server-Side Rendering, otherwise use "SSR OFF".

   To check whether your Angular project is configured with Server-Side Rendering, look for @angular/ssr listed in your original package.json file before replacing dependencies. If you see @angular/ssr listed, SSR is ON, otherwise SSR is OFF.

   SSR ONSSR OFF

   

   "dependencies": {
     "@angular/animations": "npm:@els-angular/angular-animations@>=18.2.14-tuxcare.1",
     "@angular/common": "npm:@els-angular/angular-common@>=18.2.14-tuxcare.1",
     "@angular/compiler": "npm:@els-angular/angular-compiler@>=18.2.14-tuxcare.1",
     "@angular/core": "npm:@els-angular/angular-core@>=18.2.14-tuxcare.1",
     "@angular/forms": "npm:@els-angular/angular-forms@>=18.2.14-tuxcare.1",
     "@angular/platform-browser": "npm:@els-angular/angular-platform-browser@>=18.2.14-tuxcare.1",
     "@angular/platform-browser-dynamic": "npm:@els-angular/angular-platform-browser-dynamic@>=18.2.14-tuxcare.1",
     "@angular/platform-server": "npm:@els-angular/angular-platform-server@>=18.2.14-tuxcare.1",
     "@angular/router": "npm:@els-angular/angular-router@>=18.2.14-tuxcare.1",
     "@angular/ssr": "18.2.21"
   },
   "devDependencies": {
     "@angular-devkit/build-angular": "18.2.21",
     "@angular/cli": "18.2.21",
     "@angular/compiler-cli": "npm:@els-angular/angular-compiler-cli@>=18.2.14-tuxcare.1"
   },
   "overrides": {
     "@angular/animations": "npm:@els-angular/angular-animations@>=18.2.14-tuxcare.1",
     "@angular/common": "npm:@els-angular/angular-common@>=18.2.14-tuxcare.1",
     "@angular/compiler": "npm:@els-angular/angular-compiler@>=18.2.14-tuxcare.1",
     "@angular/core": "npm:@els-angular/angular-core@>=18.2.14-tuxcare.1",
     "@angular/forms": "npm:@els-angular/angular-forms@>=18.2.14-tuxcare.1",
     "@angular/platform-browser": "npm:@els-angular/angular-platform-browser@>=18.2.14-tuxcare.1",
     "@angular/platform-browser-dynamic": "npm:@els-angular/angular-platform-browser-dynamic@>=18.2.14-tuxcare.1",
     "@angular/platform-server": "npm:@els-angular/angular-platform-server@>=18.2.14-tuxcare.1",
     "@angular/router": "npm:@els-angular/angular-router@>=18.2.14-tuxcare.1",
     "@angular/compiler-cli": "npm:@els-angular/angular-compiler-cli@>=18.2.14-tuxcare.1",
     "ajv@8.17.1": "npm:@els-angular/ajv@>=8.17.1-tuxcare.1",
     "esbuild": "0.25.0",
     "tar@6.2.1": "npm:@els-angular/tar@>=6.2.1-tuxcare.1",
     "tmp@0.0.33": "npm:@els-angular/tmp@>=0.0.33-tuxcare.1",
     "tmp@0.2.5": "npm:@els-angular/tmp@>=0.2.1-tuxcare.1",
     "webpack@5.94.0": "npm:@els-angular/webpack@>=5.94.0-tuxcare.1"
   }

   If you use any of the following non-default Angular modules, update their versions as shown below:

   • "@angular/language-service": "npm:@els-angular/angular-language-service@>=18.2.14-tuxcare.1",
   • "@angular/upgrade": "npm:@els-angular/angular-upgrade@>=18.2.14-tuxcare.1",
   • "@angular/elements": "npm:@els-angular/angular-elements@>=18.2.14-tuxcare.1",
   • "@angular/service-worker": "npm:@els-angular/angular-service-worker@>=18.2.14-tuxcare.1",

   After adding these aliases, make sure the same modules are also listed in the overrides section, just like the default ones.

5. You need to remove the node_modules directory and the package-lock.json file, and also clear the npm cache before installing the patched packages. Use the following commands:

   rm -rf node_modules package-lock.json && npm cache clean --force
   

6. Run the following command to install ELS for Angular dependencies (token for the TuxCare repository will be automatically picked up from your .npmrc file):

   npm install
   

# Step 3: Verify Installation

1. To confirm the TuxCare Angular repository is set up correctly, use npm to list the project's dependencies:

   npm list
   

2. After reviewing the dependencies, run your application to ensure everything works correctly.

The npm tool should be able to identify and resolve dependencies from the TuxCare ELS for Angular repository.

# Vulnerability Exploitability eXchange (VEX)

VEX is a machine-readable format that tells you if a known vulnerability is actually exploitable in your product. It reduces false positives, helps prioritize real risks.

TuxCare provides VEX for Angular ELS versions: security.tuxcare.com/vex/cyclonedx/els_lang_javascript/.

# How to Upgrade to a Newer Version of TuxCare Packages

If you have already installed a package with a tuxcare.1 suffix and want to upgrade to a newer release (for example, tuxcare.3), remove node_modules, clear the npm cache to avoid conflicts, and then run the installation command:

rm -rf node_modules package-lock.json && npm cache clean --force
npm install

# Resolved CVEs

Fixes for the following vulnerabilities are available in ELS for Angular from TuxCare versions:

If you are interested in the TuxCare Endless Lifecycle Support, contact sales@tuxcare.com.