Summary

The plugins that enumerate Node.js, Python, and Ruby packages will now list the discovered packages in their output.

Change

Before this update, Tenable had updated some of the “language library” enumeration plugins  - specifically for Node.js, Python, and Ruby - so that they would no longer list the discovered packages in the plugin output. This was a performance-related decision. When scanning assets with a substantial number of discovered packages, Tenable found that in many cases the size of the findings set would be so large that it would exhaust the memory allocated to the plugin and cause the plugin to crash without reporting. This would prevent downstream vulnerability plugins from detecting vulnerable packages and result in false negatives. Tenable found this to be a less desirable outcome, and began investigating solutions to make these findings sets available at the platform level.

Customer feedback has led us to revert this change and develop an alternative solution for reporting from these plugins.

After this update, the plugins below will now list the discovered packages, along with their path and version, in the plugin output, which can be used to locate specific installed packages on assets. Tenable will continue to investigate a platform-level feature to allow customers to locate specific language libraries across all managed assets in Tenable One.

Impact

Plugin output for updated plugins will include a list of detected packages. This may substantially increase the size of scan results in accordance with the number of detected packages.

Plugins

200172 - Node.js Modules Installed (Windows)

179440 - Node.js Modules Installed (Linux)

178772 - Node.js Modules Installed (macOS)

181215 - Python Installed Packages (Windows)

164122 - Python Installed Packages (Linux/macOS)

240646 - Ruby Gem Modules Installed (macOS)

207585 - Ruby Gem Modules Installed (Windows)

207584 - Ruby Gem Modules Installed (Linux)

Target Release Date

April 27, 2026