Category

Announcement

OpenJS World 2021: Save the Date!

By Announcement, Blog, Event, OpenJS World

The OpenJS Foundation’s annual conference is happening June 9, speaker submissions now open!

Mark your calendars! OpenJS World 2021, a virtual open source conference from the OpenJS Foundation, goes live on June 9. Join JavaScript professionals including developers, software engineers, developer advocates and business leaders from OpenJS Foundation hosted projects such as AMP, Dojo, Electron, and Node.js to network, learn and collaborate with community members. 

Today, we are excited to announce several keynote speakers, open the Call for Papers, and share the event sponsorship prospectus.

OpenJS World 2021 will take place as a free, virtual experience, and with keynotes premiering from the OpenJS Foundation YouTube Channel and sessions to be published immediately after.  This format will allow for an on demand, “Netflix style” experience with a specific premier time and flexibility for international audience viewing, as well as more discussion opportunities with speakers. The event will also feature additional engagement opportunities, such as Slack chats and live workshops, mixed throughout.  

Initial Keynote speakers

Anna Lytical, Digital Coding Educator, Drag Queen, and Google engineer
Cian Ó Maidín, CEO of NearForm
Lin Clark, Senior Principal Software Engineer at Fastly
Scott Hanselman, Partner Program Manager at Microsoft

Call For Papers

CFPs are open! If you have a session that you’d like to submit, please do so by February 15, 2021. Submit your talk here. The conference will cover a range of topics for developers and end-users alike including frameworks, security, serverless, diagnostics, education, IoT, AI, front-end engineering, and much more. 

Event Sponsorship

This year, the OpenJS Foundation is offering event sponsorship as an exclusive OpenJS Foundation membership benefit. If you are interested in becoming a member of the OpenJS Foundation, this is a great time to join! Learn more about membership here and check out the event prospectus for details and benefits. 

Interested in participating online in OpenJS World? Register now

Thank you to the OpenJS World program committee for their tireless efforts. We are honored to work with such a dedicated and supportive community!

OpenJS Foundation individual supporter program now available: Join us in JavaScriptLandia!

By Announcement, Blog, JavaScriptLandia

This post was written by Sara Chipps, JavaScriptLandia initiative champion.

Whether you’re all about tabs or spaces, an old favorite or a new release, Vim or VSCode, JavaScriptLandia is a place where all JavaScript fans can creatively express support for the JavaScript ecosystem and OpenJS.

Join now!

JavaScriptLandia badge with sun and mountains.

An Individual Supporter Program has been on the community’s wish list, and we’re thrilled to make that available for the first time with the launch of JavaScriptLandia. Immediate benefits of this new supporter program include:

  • A digital badge to add to your online profiles, avatar, blog and/or personal website.
  • Recognition on our global supporter page on the OpenJS Foundation website.
  • A supporters’ weekly newsletter keeping you up to date on the lastest from OpenJS projects, the Cross Project Council, and the Board of Directors. You will also be invited to participate in discussions about governance and new initiatives.
  • Discounts for training, certification, conferences, and other exclusive offers.

Additional benefits will follow as the program grows, and citizens of JavaScriptLandia weigh in on what they would like to see most. This is a worldwide program priced at $25 USD. 

About the program

The Cross Project Council created JavaScriptLandia because community members wanted a way to show off their involvement and support for our project and cross-project communities, as foundation member companies do through their sponsorship. The CPC also sought to create more leadership opportunities for community members outside of and between our open source projects. This creates stronger bonds and a richer picture of OpenJS Foundation contributors.

We’ve also been hearing from our community that they would like a way to get involved. This is perfect for people that aren’t currently contributing to our projects, but are active JavaScripters. Our goal is to provide a method to join the OpenJS Foundation that wasn’t as expensive as sponsorship and would help members get to know the projects as well as have more access to internal goings-on. 

Finally, and perhaps most importantly, JavaScriptLandia seeks to unite an inclusive and diverse group of JavaScript fans from around the world who love all open source JavaScript projects, those that are part of the OpenJS Foundation and those that fall outside of our umbrella. Whatever your experience – or favorite library – JavaSciptLandia is a safe and easy entry point into this community for all.

We are looking for new perspectives and feedback from the vast community of JavaScript developers. That’s you! We’re looking forward to sharing everything that we’ve been doing and welcoming more of you to our meetings and various working groups. 

Full details here on the SUPPORTER PROGRAM repo.

Unite around the most popular programming language that brings a world of diversity among people and projects. Sign up today and you will go far as a JavaScriptLandian. 

To contact the team, please email javascriptlandia@openjsf.org  

GitHub Actions to securely publish npm packages

By Announcement, Blog

This post is written by Liran Tal with OpenJS Foundation member company, Snyk. This post originally appears on the Snyk blog.

GitHub Actions are growing in popularity ever since GitHub announced general availability for all developers and repositories on the GitHub platform. Fueled with some rate limits we’re seeing in the ecosystem—such as new billing and rate limits for open source from Travis CI—will further drive developers to migrate their software automations to GitHub Actions.

In this article, I’d like to show you how I’m using GitHub Actions to publish npm packages that I maintain in my open source projects. If you’re following the GitHub flow which consists of GitHub pull requests workflows, then this will further unify your experience around GitHub workflows for your teams and community contributors in your project.

What is GitHub Actions?

GitHub Actions is a technology developed by GitHub to provide developers with a way to automate their workflows around continuous integration—helping them build, deploy, schedule recurring tasks, and more. GitHub Actions is natively available and integrated into GitHub repositories and features many reusable workflows from community contributors, such as publishing npm packages, publishing docker images, running security tests, and more.

How do actions work in GitHub?

GitHub’s cloud infrastructure is running GitHub Actions for users by creating a workflow file in a GitHub repository directory named .github/workflows, describing the trigger, schedule for the job, and the actions the job should take using YAML.

What is a GitHub workflow?

A GitHub workflow is a set of jobs that would run based on a trigger or a cron-based schedule. A job consists of one or more steps that make up an automated workflow.

Setting up a Node.js project for GitHub Actions

Let’s add an initial GitHub Actions automation to a Node.js project. The GitHub Actions job will install all required npm packages, run tests, and eventually publish our project as an npm package that users can consume.

Our npm package is going to be a Command Line Interface (CLI) for you to browse the amazing list of talks from SnykCon 2020—Snyk’s first-ever global security event that took place in 2020.

The complete project is hosted on GitHub and here is a sneak peek at how the npm package looks like:

npm package released using github pull request workflow

A complete GitHub CI workflow starts off with creating the following GitHub Action file at the root of the repository path: .github/workflows/main.yml

name: main

on: [push]

jobs:
  build:
    runs-on: ubuntu-latest
    strategy:
      matrix:
        node-version: [12.x, 14.x]
    steps:
      - uses: actions/checkout@v2
      - name: Build on Node.js ${{ matrix.node-version }}
        uses: actions/setup-node@v1
        with:
          node-version: ${{ matrix.node-version }}
      - run: npm ci --ignore-scripts
      - run: npm run build --if-present
        name: Build
      - run: npm test
        env:
          CI: true

The above is very much a stock template for a build and test process of Node.js projects, doing the following:

  1. The trigger is on every push, to every branch.
  2. We run this action on Node.js versions 12.x and 14.x to ensure compatibility across both Node.js LTS versions.
  3. The job then runs several steps that check out the git codebase, runs a secure and deterministic npm install phase, continues to run a build step if present, and finally runs tests.

As you push new commits to the repository, whether you are following a GitHub flow, or a GitHub pull request workflow, you’ll see new jobs queuing up in the repository’s Actions tab. Like the following, that shows our tests running for npm package snykcon:

github continuous integration

Publishing npm packages with GitHub Actions

If all tests pass, and this automation workflow runs in our main branch, we could automate releasing new versions altogether!

When it comes to releasing packages, it’s a good idea to consider the security implications that concern such actions. Let’s review a few of them:

  1. Malicious code: If a vulnerability is intentionally added by someone as part of the code contribution and you missed it, an automatic release when merging to your main branch means it will be available to users immediately. If you manually release immediately, there’s no difference either—however, the more time passes between merging pull requests and releases, it gives more time for the community to scrutinize and help flesh out such issues.
  2. Vulnerable dependency: If a malicious person adds a dependency with known public vulnerability then this dependency will trickle into your users as it gets pulled during the install process. Using a free tool like Snyk to connect to your git repositories and add a status check to prevent you from releasing with vulnerable versions of dependencies, solves exactly this problem.
  3. Malicious dependency through a lockfile: Have you considered what would happen if a contribution to update package.json dependencies would actually inject a malicious package into the lockfile, which nobody takes the time to review anyway, right? I wrote about why npm lockfiles can be a security blindspot for injecting malicious modules so make sure you deep dive into this if you hadn’t considered this attack vector.
  4. Stealing your npm token: In the past, quite a few attempts of malicious packages circled around the notion of stealing a person’s npm token or other sensitive information that exists in environment variables.

The above isn’t meant to be a comprehensive list of security concerns, but it definitely highlights quite a few that we should be aware of.

Speaking of security highlights, do you find that list of possible security concerns an interesting and educational read? It’s a quick threat modeling process, which you can practice more regularly when you build out features. We wrote about it in our DevSecOps Process and there’s a good talk from SnykCon by Alyssa Miller on User Story Threat Modeling: It’s the DevSecOps Way. Check them out!

Let’s go back to our list and focus on the last security concern mentioned—stealing your npm token. Since this article is all about publishing npm packages, it means we need to make an npm token available to the GitHub Actions workflow and this has historically been frowned upon for the following reasons:

  • npm capabilities: historically, releasing npm packages using an npm token, required your npm user to disable two-factor authentication. It’s not anymore and we’re going to learn how!
  • Stealing a token from malicious packages install: if you make the npm token available in your CI as environment variables, then malicious packages that exist in your package dependency tree (beyond your own direct dependencies) may have access to it during, for example, the npm install process, which by default allows packages to run any arbitrary command.

So how do we handle these two valid security concerns?

Firstly, npm has recently made two-factor authentication possible along with issuing automation tokens, so these two capabilities no longer conflict. Secondly, GitHub Actions allows you to make environment variables information available only to a specific step in a job, which means we can make it available only to the npm publish command and not npm install which would’ve allowed indirect dependencies access to it as well.

Let’s get started.

First, enable two-factor authentication for your npm user. Navigate to your account settings on https://npmjs.com/ and enable 2FA Mode for both authorization and publishing.

npm package two-factor authentication

You’ll need to associate an authenticator device, for example, the Google authenticator app on your mobile device, or 1Password if you’re using that to manage your passwords.

Then, head over to Access Tokens management on npm, and create a new token. 

Make sure you create an Automation type token, as shown in the screenshot below which, as the description says, will bypass two-factor authentication and allow you to use it from continuous integration (CI) workflows:

enable npm package token for github continuous integration

We can then make this token available in our GitHub Actions by first creating it as a secret in the GitHub repository secrets management, like this:

github workflow for tokens as secrets

And finally, updating our GitHub Actions workflow to also include a release step. After the build job, add the following publish job:

 publish:
    if: github.ref == 'refs/heads/main'
    needs: build
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v2
      - uses: actions/setup-node@v1
        with:
          node-version: 14
      - name: Publish
        run: |
          npm config set //registry.npmjs.org/:_authToken ${NPM_TOKEN}
          npm publish --ignore-scripts
        env:
          NPM_TOKEN: ${{ secrets.NPM_TOKEN }}

It is vital to note the --ignore-scripts argument to the npm publish command, which is critical to a safe publishing workflow. It tells the publish command from the npm CLI to skip all the life cycle scripts specified in the packge.json manifest. This is important—when the malicious package gets installed as part of the dependency graph, it can create an entry such as prepack: “echo ‘do something malicious’” to your own package, which will be triggered when you run npm publish. As you can imagine, that malicious entry can do more harm than just print something to the screen.

The workflow we’re following here significantly reduces such a concern of npm tokens being stolen, or other targets of arbitrary commands execution because:

  1. In our build job, we install packages without allowing them to execute arbitrary commands thanks to the --ignore-scripts command argument provided to npm ci.
  2. Our publish job starts in a fresh new repository checkout. This means that even if it was required to allow script execution as part of npm package installation of the prior build step, all malicious attempts to inject data to the package’s package.json file would be futile.
  3. As a precaution, our publish step includes a --ignore-scripts command argument to avoid executing npm life cycle scripts during this phase.
  4. The npm automation token to release a package is only made available to the publish step.

Given all the above, you would probably sleep better at night by requiring two-factor authentication on every version publishing of the package. That, however, requires a more elaborate setup if you need to enable this in a CI environment and we’ll skip that in this article.

This job specifically runs only on the main branch—so we don’t release during a pull request test run—and only runs with a specific Node.js version, rather than parallelizing job runs of different versions.

Once a GitHub pull request is merged, or a commit is pushed to the main branch, the following publish job will execute and trigger a release for the npm package.

github workflow

View the complete GitHub Actions workflow file for a reference.

It is important to note that we didn’t cover any sort of automated semantic versioning with regards to bumping the versions of our npm packages automatically, based on whether a commit push was a patch, minor or major update to the code. For that, I recommend evaluating semantic-release which the Snyk Advisor also suggests is a very healthy package:

Where do GitHub Actions run?

The scope of GitHub Actions is for a specific repository, and they are executed and managed using GitHub’s cloud infrastructure services, and provide support for Mac, Windows, and Linux platform runners. It is, however, possible to also have self-hosted GitHub runners such as on Google Cloud Infrastructure.

What is GitHub flow?

The scope of GitHub Actions is for a specific repository, and they are executed and managed using GitHub’s cloud infrastructure services, and provide support for Mac, Windows, and Linux platform runners. It is, however, possible to also have self-hosted GitHub runners such as on Google Cloud Infrastructure.

To sum it up

To summarize, building npm packages and releasing them to the broader npm ecosystem can be automated in a secure way using GitHub Actions. The benefits of choosing GitHub Actions is that we maintain the entire developer experience of a git workflow within the GitHub platform.

I also recommend following up on more GitHub Actions integrations that you can easily plug into your project:

Try out my is-website-vulnerable GitHub Action if you want to track end-to-end security tests for a website (detecting vulnerable JavaScript libraries).

NativeScript joins OpenJS Foundation as Incubating Project

By Announcement, Blog

NativeScript is the newest incubating project at the OpenJS Foundation! 

NativeScript joins OpenJS

NativeScript empowers you to access native platform APIs from JavaScript directly. The result is a streamlined and delightful development experience minimizing language switching and IDE jumping. 

An expanding number of use cases including the full spectrum of iOS and Android platform API development with desktop runtime possibilities continue to create excitement and enjoyment to global development communities. Leveraging common web development skills, like CSS and the JavaScript language itself, developers can unlock the full experience and performance from the rich API offerings of the iOS and Android platforms. NativeScript is particularly well-suited to provide opportunities in significant code reuse between web and mobile developments.

Incubating projects under the OpenJS Foundation are projects that are in the process of completing their on-boarding checklist to join the foundation. There are currently 35 open source projects under the OpenJS Foundation umbrella.

NativeScript can be integrated with other native platform APIs to continually enrich and expand JavaScript’s abilities. The framework not only allows usage of plain JavaScript/TypeScript to create applications, but also allows integration with Angular, VueJS, React, Svelte, and any JavaScript-driven frontend framework to allow developers to reuse their web knowledge in their favorite frontend frameworks to create native platform applications.

Why is NativeScript Joining OpenJS?

NativeScript was created in 2014 and quickly gained popularity among JavaScript developers. The software consulting company and strong NativeScript community member nStudio assumed responsibility for this open source project in June, 2020, to support increased community interest and improved engagement with the core framework.

The project then shifted to an open governance model in June of 2020, inspired by the Node.js and JS Foundations and by other standards bodies. Joining the OpenJS Foundation will allow the project to strengthen this focus on transparency and openness as a basis for growing the community around the world.

“We are excited to be joining the OpenJS Foundation. We believe this will directly benefit both a wonderful community of developers and end user businesses that rely on it worldwide. We have been involved with NativeScript for the past six years, and we see joining OpenJS as a natural step in its evolution,” said NativeScript maintainer and nStudio Senior Partner Nathan Walker. “NativeScript is a uniquely delightful tool for empowering JavaScript developers with access to native platform APIs, and we are constantly inspired by the thoughtful and passionate community to improve the technology.” 

“We are thrilled to welcome NativeScript. The OpenJS Foundation exists to house a diverse set of open source projects that contribute to the JavaScript ecosystem on a global scale,” said Robin Ginn, OpenJS Foundation executive director. “It’s exciting when projects come in whose goals align similarly to ours. We will provide resources and guidance to help NativeScript move forward in multiple fronts including governance, technology, community outreach and much more.”

“As a prominent project in the open source JavaScript community, having NativeScript join as an incubation project is an important addition to the Foundation,” said Joe Sepi, OpenJS Foundation Cross Project Council Chair. “We as a community are excited that NativeScript has taken this important step in their growth and evolution and look forward to their continued success. I am pleased NativeScript has chosen the OpenJS Foundation as its home.”

“I demand a lot from our development team in order to deliver the best user experience within the Sweet app, and NativeScript has been able to deliver,” said Tom Mizzone, CEO Sweet.

“Working with Nativescript has been the most fun I’ve had developing in years,” said Mike Carzima, Solutions Architect, iMedia Inc.

NativeScript can be cloned here. Get started immediately!

Resources

The OpenJS Foundation provides a wide range of resources for organizations and individuals involved in the adoption and ongoing development of key JavaScript solutions and related technologies.

 

Happy 25th Anniversary JavaScript

By Announcement, Blog

At the OpenJS Foundation, we owe so much to JavaScript. With more than 97 percent of the world’s websites using JavaScript, it is the foundation for online commerce, economic growth, and innovation. 

Happy Anniversary, JavaScript!

On December 4, 1995, Netscape and Sun announced the creation of JavaScript, “an open source, cross-platform language for enterprise networks and the Internet.”  

At this year’s OpenJS World, we had the honor of hosting Allen Wirfs-Brock, an authority on JavaScript history, for a fireside chat with Alex Williams, the founder and editor in chief of The New Stack. In this talk, “Exploring the History of JavaScript,” The OpenJS World audience got a front-row seat for an intriguing conversation packed with insights from Wirfs-Brock, who was the project editor for the ECMAScript Language Specification, the international standard that defines the latest version of the JavaScript programming language. For those interested in exploring the colorful 25-year history of JavaScript, we encourage you to check out this talk. 

Today, JavaScript is the common language that brings us to work and into our amazing community each and every day, and we want to take its 25th Anniversary to say thank you and reflect on the amazing year we had.

The open source projects that are hosted with the OpenJS Foundation are the heart of what makes the Foundation. The collaboration, innovative tech, and most importantly, the amazing people are what make the OpenJS Foundation special. This year was a great year for our projects, from new releases to bringing on incubation projects. We thank all project contributors for the important work you do.

We are so thankful to our members for their continued support of the OpenJS Foundation. So far this year, we welcomed Skyscanner and Netflix as the newest members of the OpenJS Foundation.

Thank you to our Board for your time, expertise, and leadership as we continue on our mission to drive broad adoption and ongoing development of key JavaScript solutions and related technologies.

While it hasn’t been a typical year for any of us, this community never ceases to amaze when it comes to pivoting and innovating to continue on our path to grow, learn, and collaborate. For those who have experienced loss this year, we see you, and we thank you for being here.

Node.js v15.0.0 is here!

By Announcement, Blog, Node.js, Project Updates

This week, Node.js, an Impact project at the OpenJS Foundation, shipped Node.js v15, a major release for the JavaScript server-side runtime.

The new release includes:

  • Abort Controller
  • N-API Version 7
  • npm 7
  • Throw on unhandled rejections
  • QUIC (experimental)
  • V8 8.6

Additional project news includes

  • Completion of the Node.js Contributors Survey to gather feedback on the contribution process to determine target areas for improvement.
  • big improvements to Node.js automation and tooling including the ability to kick off CI runs and land commits just by adding a GitHub label, making it easier for collaborators to manage the constant flow of Pull Requests.
  • The beginning of Next 10 Years of Node.js effort. The goal of this effort is to reflect on what led to success in the first 10 years of Node.js and set the direction for success in the next 10. One of the outcomes so far is that we’ve created a Technical Values document to guide our efforts.

To read more about Node.js v15, please read the blog here written by Bethany Griggs and the Node.js TSC.

New training gives a deep dive into Node.js Services Development

By Announcement, Blog, Training

Course provides requisite knowledge to develop services on Node.js, and helps prepare for OpenJS Node.js Services Developer Certification

Today, with the Linux Foundation, OpenJS Foundation is excited to offer yet another new training course, LFW212 – Node.js Services Development, as part of our growing Node.js Training and Certification Program

This is an exciting step as Node.js is one of the most popular JavaScript frameworks in the world powering hundreds of thousands of websites, including implementations from Google, IBM, Microsoft and Netflix. Individual developers and enterprises use Node.js to power many of their most important web applications, making it essential to maintain a stable pool of qualified talent.

Who should take this training?

LFW212 will help those developers on their way to a senior level get to the next step by demonstrating their Node.js knowledge and skills, in particular how to use Node with frameworks to rapidly and securely compose servers and services. 

Specifically, this course covers Node core HTTP clients and servers, web servers, RESTful services and web security essentials.

What will I learn?

By taking this course, you will learn how to build RESTful JSON services that are secure and straightforward to maintain and will prepare you for some of the most common Node.js roles in the industry today. The course also prepares you to take the OpenJS Node.js Services Developer (JSNSD) certification. A bundled offering including access to both the training course and certification exam is also available.

To best prepare for this course, students should be familiar with the concepts covered in the OpenJS Node.js Application Developer (JSNAD) certification. To brush up on your Node.js application development skills, we recommend you complete the LFW211 – Node.js Application Development course before attempting LFW212. 

About the Author

The Node.js Services Development course was authored by David Clements, a principal architect, public speaker, author of the Node Cookbook, and open source creator specializing in Node.js and browser JavaScript. David has been writing JavaScript since 1996 and has been working with, speaking and writing about Node.js since Node 0.4 (2011). He’s the author of various open source projects. Of note among them is Pino, one of the fastest Node.js JSON loggers available and 0x a powerful profiling tool for Node.js. David is one of the technical leads and primary authors of the official OpenJS Node.js Application Developer Certification and OpenJS Node.js Services Developer Certification. We recently did an AMA with Dave and Adrian Estrada from NodeSource you can check it out here to learn more about certification. 

Are you ready to sign up? 

The course is available to begin immediately! The $299 course fee – or $499 for a bundled offering of both the course and related certification exam – provides unlimited access to the course for one year to all content and labs. All Node.js courses and exams offered by The Linux Foundation, including these new offerings, are discounted up to 75% through October 31, including a super bundle consisting of LFW211, LFW212, JSNAD and JSNSD available for $250 during the promotional period. Interested individuals may enroll in LFW212 here or learn more about the discount on all Node.js offerings here.

Michael Dawson elected Community Director

By Announcement, Blog

The OpenJS Foundation is delighted to announce that Michael Dawson has been elected to the OpenJS Board as the CPC Director, a community representation seat.  

Chosen by the Cross Project Council, Michael brings a wealth of experience to the board having acted as the Node.js Project TSC Chair, a member of the Node.js Community Committee, being an active contributor to the Node.js Project and being active on the CPC. Michael previously held the Node.js representative seat on the Board. This community seat replaces that designation.

In a statement provided to the community via GitHub, Michael says, “My goal as a board member is to bring the perspective of the foundation projects and greater community to the board while ensuring the needs of foundation projects are considered in the decisions that are made.”

Additionally, in being elected, Micahel plans to prioritize communication between the board and community, seek input on board decisions, and help champion broader and longer-term initiatives that are important to the success of the foundation. 

As a community representative to the OpenJS Board, Michael looks forward to taking what he’s learned from his work with Node.js, the CPC and recent collaborator summits to represent the broader community. Michael adds, “I look forward to broadening my role and representing more projects. In my role as the Node.js Board rep, the TSC and Comm Comm found board updates helpful. This could be beneficial for other projects and I would be happy to work to find the right way to provide these updates.”

Michael is IBM’s community lead for Node.js, where he works to coordinate and lead the work of IBM’s teams that contribute to the Node.js community.  He also works to support IBM’s many initiatives to provide great deployment options (public and private) for Node.js, ensuring the tools and products IBM delivers provide a first class experience for Node.js developers and supporting IBM’s internal and customer Node.js deployments.

Michael is based in Ottawa, Ontario, Canada. Outside of the office he enjoys playing badminton and softball as well as kayaking and paddle boarding. Extracurriculars also include building things with 3d printers, cnc machines, soldering irons and building apps to make daily life more fun.

Project Update: Official AMP Plugin for WordPress

By AMP, Announcement, Blog, Project Update

Success with WordPress,
powered by AMP

The missions of the WordPress and AMP open source projects are very well aligned. AMP, a growth project at the OpenJS Foundation, seeks to democratize performance and the building of great page experiences, which is at the core of WordPress’ goal of democratizing web publishing. 

Today the AMP team is very excited to release v2.0 of the Official AMP Plugin for WordPress! Lots of work went into this release, and it is loaded with many improvements and new capabilities in the areas of usability, performance, and flexibility. Read on to learn more, or check out the official AMP Blog for the full release notes.

AMP brings “performance-as-a-service” to WordPress, providing out-of-the-box solutions, a wide range of coding and performance best practices, always up-to-date access to the latest web platform capabilities, and effective control mechanisms (e.g. guard rails) to enable consistently good performance. AMP’s capabilities, and the guard rails it provides allow WordPress creators to take advantage of the openness and flexibility of WordPress while minimizing the amount of resources needed to be invested in developing and maintaining sites that perform consistently well. 

The Official AMP Plugin for WordPress is developed and maintained by AMP project contributors to bring the pillars of AMP content publishing at the fingertips of WordPress users, by:

  1. Automating as much as possible the process of generating AMP-valid markup, letting users follow workflows that are as close as possible to the standard workflows on WordPress they are used to.
  2. Providing effective validation tools to help dealing with AMP incompatibilities when they happen, including aspects of identifying errors, contextualizing them, and reporting them accurately.
  3. Providing support for AMP development to make it easier for WordPress developers to build AMP compatible ecosystem components, and build websites and solutions with AMP-compatibility built in.
  4. Supporting the serving of AMP pages on Origin, making it easier for site owners to take advantage of mobile redirection, AMP-to-AMP linking, minimization of AMP validation issues to surfaced in Search Console, and generation of optimized AMP pages by default.
  5. Providing turnkey solutions for segments of WordPress creators and publishers to be able to go from zero to AMP content generation in no time, regardless of technical expertise or availability of resources. 

To learn more about the AMP in WordPress, please check the release post on the official AMP Project Blog. If you haven’t tried it already, download the plugin today and get started on the path of consistently great performance for your WordPress site! And, if you are interested in becoming a contributor to the AMP Plugin for WordPress, you can engage with us in the AMP plugin github repository

Ajv Joins OpenJS Foundation as an Incubation Project

By Announcement, Blog, Project Update

Today, Ajv, a JSON Schema validator for both server-side and client-side JavaScript applications, has entered into public incubation at the OpenJS Foundation. Ajv is a key part of the JavaScript ecosystem, used by a large number of web developers with millions of projects depending on it indirectly, via other libraries. 

In addition to becoming an incubating project, Ajv was recently awarded a grant from Mozilla’s Open Source Support (MOSS) program in the “Foundational Technology” track. This grant is continued validation for the important role Ajv plays within the JavaScript ecosystem and will help ensure this work continues. 

“A diverse set of widely used open source projects is why we exist and how our community continues to thrive,” said Robin Ginn, OpenJS Foundation Executive Director. “It’s great when these projects recognize the value of being part of the OpenJS community and benefit from what we are creating here. I’m thrilled to welcome Ajv as an incubation project to the OpenJS Foundation and excited to support its open development among web developers.”

Ajv is a leading JSON Schema validator that is highly specification compliant, supporting JSON Schema drafts 4 to 7. Ajv is also extensible via custom keywords and plugins, and is one of the fastest JSON Schema validators. Additionally, Ajv gets 120 million monthly downloads on npm. Many projects within the OpenJS Foundation use Ajv including webpack, ESlint, and Fastify.

“As CPC chair, I’m really happy that Ajv has become an incubating project at the OpenJS Foundation,” said Joe Sepi, OpenJS Foundation Cross Project Council Chair. “Ajv is an important project within the JavaScript open source space — many of our own projects already use it. This is an important step for Ajv and I, along with the entire CPC, am excited Ajv is taking this step with the OpenJS Foundation.”

“As Ajv’s CPC liaison, the person who helps guide potential projects through the application process, I’m excited for what’s to come for Ajv’s within the OpenJS Foundation,” said Dylan Schiemann, CEO at Living Spec and co-creator of Dojo. “As an incubating project, AJV has a unique opportunity to continue its path toward sustainability and growth. As a user of AJV and an early advocate for JSON Schema, we’re super excited to work with the project and support its growth as part of the OpenJS Foundation.”

“Ajv has become a centerpiece of all data-validation logic in my open-source projects and businesses. It’s spec-compliant, extensible, fast and has amazing support. Ajv joining the OpenJS Foundation will greatly benefit the entire JavaScript ecosystem,” said Gajus Kuizinas, CTO of Contra.

“I’ve been developing Ajv since 2015 and it is nice to see it being so widely used – it would never have happened without almost 100 contributors and a much larger number of users. Both the OpenJS Foundation and Mozilla grant will help Ajv become a permanent fixture in the JavaScript ecosystem – I am really looking forward to the next phase of Ajv development,” said Evgeny Poberezkin, the developer of Ajv.

By joining the OpenJS Foundation, there are multiple organizational and infrastructure areas that will be better supported. Furthermore, Ajv will be able to ensure governance and Code of Conduct enforcement to make sure that Ajv will continue to be stable. Joining will also help Ajv to grow and gain contributors, and potentially help with wider enterprise adoption through greater confidence and overall stability for the project.

As a collaborative project with transparency-first principles, the OpenJS Foundation is happy to welcome Ajv as an incubation project and looks forward to the many successes the project will have within its new home.

Start Contributing Now!

If you’d like to help build Ajv, you can start by looking at the Contributing Guidelines. Documentation, Issues, Bug Reports and lots more can be found here. Every contribution is appreciated! Please feel free to ask questions via Gitter chat.