Node.js Security Progress Report – Permission System Gets Its First Pull Request

By Blog, Node.js

July was a busy month for improving Node.js security, with reinforcements from the Open Source Security Foundation (OpenSSF) grant to OpenJS! The month saw the first pull request for the Permission System, a Node.js Security Release, a new OpenSSL Security Release that meant updates to Node.js v18, v16, and v14, and the triaging and fixing of HackerOne reports (5 total).

Permission System

Node.js is building a security Permission System to prevent third-party libraries from accessing machine resources without user consent. The Permission System got its first pull request in July! The pull request is 1,200 lines and includes the foundation of the Permission Model. There has been good feedback from the community, and the pull request has been shared publicly. This is the starting point; plenty of review and discussion is expected.

OpenSSL Update

OpenSSL released a major security update on July 5. Node.js responded with our OpenSSL Security Release Assessment, which stated that the OpenSSL release affects Node.js v18, v16, and v14, with one moderate vulnerability on Windows 32-Bit x86. Our Node.js Security Releases were made available on July 7, covering 7 fixes. (A normal update level is 2-3 fixes.) 

It is best practice to have a revert flag for security updates that can include breaking changes, for installations that need a temporary workaround. For v16 and v14, we implemented the fixes without the revert flag (--openssl-shared-config) but are working to make it available in the next Node.js release.

Node.js tracks OpenSSL releases closely. The document Maintaining OpenSSL shows how we check requirements, extract new OpenSSL sources, and commit them.

Triaging and Fixing

Node.js analyzes and solves reports on HackerOne. The team triages Node.js issues and fixes security vulnerabilities. HackerOne access is required. For security reasons, reports are not disclosed until they receive a CVE designation.

Join us!

Node.js is a critical community-led project where we need more people to contribute. If you are interested in lending your security expertise, we would like your participation. Our Security Working Group meets on Thursdays. You can download the calendar info from here: Node.js Project Calendar and find issues for meetings in this repo: nodejs/security-wg.

From OpenJS World 2022: Securing JavaScript – Myles Borins, Product Manager, GitHub

By Blog, OpenJS World

Myles Borins, Product Manager at GitHub, presented on Securing JavaScript at OpenJS World this past June. The npm registry is the heart of the JavaScript ecosystem. Hear about the steps taken at GitHub to secure this important part of the software supply chain from enforcing software solutions such as automated malware scanning to policies such as enforcing two-factor authentication for high-impact packages. This talk covers what the team at GitHub shipped to respond to an increase in threats to their ecosystem and what they are working on next.

Full keynote available here: https://www.youtube.com/watch?v=eDZHrNbyK3c 

Main Sections:

0:00 Introduction

1:21 Account Takeovers (ATO)

2:50 What did we do right?

4:56 What did we learn?

6:20 The npm security roadmap

15:34 Demo 

16:32 Campaign using stolen OAuth tokens 

18:08 Validation with registry package signing 

19:12 What’s next?

Main OpenJS Resources: 

Main Site: https://openjsf.org/ 

Blog: https://openjsf.org/blog/ 

Join: https://openjsf.org/about/join/ 

Certification: https://openjsf.org/certification/

Twitter: https://twitter.com/openjsf

LinkedIn: https://www.linkedin.com/company/openjs-foundation/

From OpenJS World 2022: The Human API: Building Your Project’s Second Source of Truth – Rachel Nabors, Principal Program Manager, Developer Education, Amazon AWS Amplify

By Blog, OpenJS World

In the fourth post of our OpenJS World Keynote Series, we’re highlighting a keynote on The Human API. To view all of the keynotes from the conference, please visit the OpenJS YouTube Channel.

The only thing harder than writing scalable, usable code is teaching others how to wield it. As the sum of human knowledge continues to grow, so do the challenges of teaching each other what we need to know. Not only to build toward the future but also to contribute to the tools of its construction. If only it were possible to transfer knowledge from one engineer directly into the minds of other engineers, like a human RAID! 

Rachel Lee Nabors, Principal Program Manager, Developer Education at Amazon AWS Amplify, loves building such mechanisms for knowledge transfer, from video guides to documentation to curricula. In this talk, they discussed what doesn’t work, what has worked on projects like React and React Native, and what can work for any other open source project today. Teaching is hard. But there are solid ways to approach knowledge transfer at scale.

Full keynote available here: https://www.youtube.com/watch?v=wWocgghZPOA 

Main Sections

0:00 Introduction
2:00 Once upon a time…
3:52 How do you transfer knowledge between humans?
5:05 Knowledge transfer starts with you
8:51 Set up a site
10:55 Mentor new core members
12:22 Engage your community to expand your content
15:01 Teach more effectively through repetition and interaction 
16:30 Make your documentation scale 
18:09 Your docs are your second source of truth 
20:19 Docs are not a sprint
22:35 Happily ever after… 

From OpenJS World 2022: Reading the Spec – Hemanth HM, PayPal & Jordan Harband, Coinbase

By Blog, OpenJS World

Hemanth HM, Engineering Manager at PayPal, and Jordan Harband, Staff Developer Relations Engineer at Coinbase, presented a session on Reading the Spec and other JavaScript functions. Hemanth and Jordan walked through live coding with various language APIs in JavaScript.

Both speakers gave an overview and walked the audience through the associated specification to give deeper insight into the language and its constructs. They shared the foundational skills required to read and understand the spec, translate spec to code, and more!

Full session available here: https://youtu.be/uPFOdaGe9Zw. To view all of the keynotes and sessions from the conference, please visit the OpenJS YouTube Channel.

Main Sections:  

0:00 Introduction

2:54 Algorithm conventions

5:24 Runtime semantics

13:26 Demo with Q&A

1:04:39 Engine 262 and closing

Progress Report – Strengthening Node.js Security

By Blog, Node.js, Project Update

In April this year, the OpenJS Foundation announced the Open Source Security Foundation (OpenSSF) had selected Node.js as their initial project to help improve supply chain security. As part of OpenSSF’s Alpha-Omega Project, $300k was committed to bolster the Node.js security team and vulnerability remediation efforts through the rest of 2022. The focus is on supporting better open source security standards and practices. The Alpha-Omega repo for Node.js is here.

Since the announcement, OpenJS has quickly onboarded new OpenSSF security support resources who hit the ground running. Better plans and processes have already started to be built out and are already having an impact.

For example, security processes are being improved through a Security Model that is being discussed in the Security Working Group. The structure has been defined and they are currently working to document assumptions from the Node.js runtime. 

The community is creating a new Threat Model that provides context on what will and will not be considered a vulnerability in Node.js, which will particularly help inform security researchers. It includes all the current threats and their mitigation for each environment using Node.js. Note: This may change over releases.

The community also added vulnerability checking for Node.js dependencies. This is a new script that queries vulnerability databases in order to find if any of Node.js’ dependencies are vulnerable. It runs as part of the continuous integration workflow, and if any new vulnerabilities are found, it automatically opens an issue tagging Node.js’ maintainers and Security Working Group members.

Additionally, the Node.js team fixed the first OpenSSF Project Omega CVE as part of the Node.js July 7, 2022, security release.

Organization

Day-to-day security is run through the triage team, which looks at HackerOne reports to fix issues and handles the ongoing OpenSSL reports and updates. The turnaround time on fixes has been tightened from about one week to under two days.

The Security Working Group, which has a broader mandate to look at the future of Node.js security, has been reactivated, meeting every two weeks.

Join us!

Node.js is a critical community-led project where we need more people to contribute. If you are interested in lending your security expertise, we would like your participation. Our Security Working Group meets on Thursdays. You can download the calendar info from here: Node.js Project Calendar.

From OpenJS World 2022: Securing the Open Source Ecosystem – Brian Behlendorf

By Blog, OpenJS World

In this recap from the OpenJS World Keynote Series, we’re highlighting a keynote on open source security. To view all of the keynotes from the conference, please visit the OpenJS YouTube Channel.

Brian Behlendorf, General Manager for the Open Source Security Foundation (OpenSSF), presented at OpenJS World 2022 on Securing the Open Source Ecosystem. Brian began by explaining the problem of supply chain breaches and the other factors these vulnerabilities affect. He then described what OpenSSF is doing to work across the supply chain and prevent these types of threats.

The presentation then gives an overview of the mobilization plan, which Brian mentions was planned after a meeting with a U.S. federal agency to strengthen security and open source. There is also a quick run-through of the ten different mobilization plans and their goals, including security education, risk assessment, incident response, SBOMs, and others.

Full keynote available here: https://www.youtube.com/watch?v=wxDT-QQh50U 

Main Sections:

0:00 Introduction

1:24 Supply chain breaches

4:33 How OpenSSF Efforts work across the supply chain

11:04 Alpha engagement: Node.js

13:13 Mobilization plan origin story

15:01 Goals identified 

17:13 The Open Source Software Security Mobilization Plan

21:14 Initial pledges  

21:52 Get the plan!

From OpenJS World 2022: Welcome & Opening Remarks – Robin Ginn & Chris Gervang

By Blog, OpenJS World

In the first recap of our OpenJS World Keynote Series, we’ll highlight the opening remarks from OpenJS World 2022. To view all of the keynotes from the conference, please visit the OpenJS YouTube Channel.

In this recorded keynote, Robin Ginn, executive director of the OpenJS Foundation, and Chris Gervang, Senior Software Engineer, Visualization at Joby Aviation, give the opening remarks at OpenJS World 2022, held in Austin, TX, June 6-10, 2022. Robin started the keynote by inviting the audience to take a step back and look at their previous work, emphasizing the importance of looking back to make an impact without losing perspective. She shared a personal experience touching on some historical background and difficulties encountered in the open source community, then emphasized the importance of lifting each other up in communities.

Chris Gervang followed by briefly introducing himself and sharing some of his work in open source. He also welcomed the community members who have joined the OpenJS Foundation. In his keynote, Chris noted the importance of community engagement for project sustainability. Additionally, Chris and Robin announced the JavaScript security collaboration and the move of two projects, kepler.gl and vis.gl, to the OpenJS Foundation. Robin finished the presentation by touching on the themes of open governance, stability, and security, and by announcing the new OpenJS Open Visualization Collaboration Space.

Full keynote available here: https://youtu.be/5XYzyItEug4 

Main Sections:

0:00 Introduction 

1:38 Welcome

2:35 Historical perspective

4:33 Opportunity to pause

5:07 Your work matters

9:40 Introducing: Chris Gervang and Joby Aviation

17:52 Community engagement for project sustainability

18:47 Open governance, stability and security

20:39 Announcing JavaScript security collaboration space

23:52 JavaScriptLandia

25:57 Thank you!

OpenJS World 2022 – Here’s what you missed!

By Blog, OpenJS World

Earlier this month, we hosted OpenJS World, the OpenJS Foundation’s event bringing together the JavaScript and web development community. Our event covered an incredibly wide array of technical and community topics, focusing on testing and security, and open visualization with the announcement that the Urban Computing Foundation (UCF) is merging with OpenJS. 

We hope everyone enjoyed the conference whether you attended virtually or in person with us in Austin! For those who did not attend the event, we have the conference keynotes and sessions available on our YouTube channel for you to watch back.

In security, Open Source Security Foundation (OpenSSF) selected Node.js as its initial project to improve supply chain security. Node.js is the first open source community to be supported by OpenSSF’s Alpha-Omega Project. Alpha-Omega committed $300k to bolster the Node.js security team and vulnerability remediation efforts through the rest of 2022, with a focus on supporting better open source security standards and practices.

In testing, the OpenJS Foundation recently announced that popular JavaScript testing framework Jest is joining as an Impact Project. Jest and its assets are being donated by Meta Open Source. 

Keynotes

Day One kicked off with Robin Ginn, OpenJS Foundation Executive Director welcoming everyone. She was joined by Chris Gervang, Senior Visualization Engineer at Joby Aviation to announce that OpenJS was adding UCF to its foundation family through the new OpenJS Open Visualization Collaboration Space. UCF has for years been a forum for developers to collaborate on a common set of open source tools connecting cities, people, and mobility. 

Other keynote speakers included:

Additionally, we featured more than 40 breakout sessions across a variety of topics from AI to application development and project-specific talks. All of these are available on demand.

OpenJS World News

We showcased several announcements at the conference that reinforce our community’s goals in testing, security and visualization. See below, as well as on our Day 1 blog for more details.

OpenJS Foundation Welcomes Urban Computing Foundation

The OpenJS Foundation announced that the Urban Computing Foundation (UCF) has partnered with OpenJS to form the Open Visualization Collaboration Space. The Open Visualization Collaboration Space provides a place to openly govern the most comprehensive and widely adopted visualization libraries based on WebGL. UCF is also merging its day-to-day operations and budgets into OpenJS where it will govern these projects and more under the new OpenJS Open Visualization Collaboration Space. Two of its most popular visualization projects – vis.gl and kepler.gl – are moving under the umbrella of the OpenJS Foundation.

Foursquare, HERE Technologies, Joby Aviation and Uber join The OpenJS Foundation

OpenJS has welcomed four UCF members who are now members of the OpenJS Foundation: Foursquare, HERE Technologies, Joby Aviation, and Uber. Open visualization technologies are core to each of these companies’ leadership positions in the market, and by supporting the foundation, they are supporting the infrastructure and long-term growth of key open source projects that they rely on.

Announcing our First Ever JavaScriptLandia Awards

The OpenJS Foundation celebrated 6 key community leaders, honoring them with the first ever JavaScriptLandia Awards for contributions to education, standards, security and more. Award winners were recognized onstage at OpenJS World and received a plaque and digital badge.

JavaScriptLandia is the home of the OpenJS Foundation’s individual supporter program, where community members can pledge support for OpenJS projects, maintainers, and get more involved in the community while earning badges and other perks.

Congratulations to this year’s recipients, and read more about each of them in our JavaScriptLandia blog.

  • Bethany Griggs – Unsung Hero 
  • Matteo Collina – Leading By Example
  • Darshan Sen – Outstanding Contribution from a New Arrival
  • Tzviya Siegman – Pathfinder Award for Standards 
  • Liran Tal – Pathfinder Award for Security 
  • Wes Bos – Pathfinder Award for Education 

Jest Joins the OpenJS Foundation as an Impact Project

Prior to the conference, we recently announced that popular JavaScript testing framework Jest is joining as an Impact Project. Jest and its assets are being donated proudly by Meta Open Source. Jest is a JavaScript testing framework. It allows you to write tests with an API with little configuration.

Thank you

We’d also like to share a big thank you to this year’s sponsors who made this event possible. Thanks to Diamond Sponsor IBM and jFrog, Platinum Sponsor Nearform, Gold Sponsor Influx Data, Silver Sponsors Bloomberg, Hasura, MariaDB and Red Hat, Bronze Sponsor Stellate, and Diversity Scholarship Sponsor nStudio.

We hope to see everyone next year!

First Ever JavaScriptLandia Awards Celebrate Community Leaders

By Announcement, Blog

From OpenJS World, Austin, TX – The OpenJS Foundation is celebrating 6 key community leaders, honoring them with the first ever JavaScriptLandia Awards for contributions to education, standards, security and more. Award Winners were recognized onstage at OpenJS World on Tues, June 7, and received a plaque and digital badge.

JavaScriptLandia is the home of the OpenJS Foundation’s individual supporter program, where community members can pledge support for OpenJS projects, maintainers, and get more involved in the community while earning badges and other perks.

The nominations for the awards opened in March and were sourced from the broader JavaScript community. Nominations were reviewed by OpenJS Foundation CPC members, board members, and staff and were chosen by consensus.

There were 6 awards available: Unsung Hero, Leading By Example, Outstanding Contribution from a New Arrival, and the Pathfinder Awards, one for Standards, one for Education, and one for Security. 

Unsung Hero nominees are recognized for their willingness to do things that aren’t high profile, glamorous, or even fun, but are important for a well-functioning project and community. Unsung Heroes often do this work with a smile, even if they aren’t being recognized regularly for their contributions. 

Leading by Example nominees are known for demonstrating leadership qualities in their communities that reflect OpenJS Foundation values, like being humble, helpful and hopeful. Exemplary leaders embody open source in spirit and in practice, and inspire others to do the same.

Outstanding Contribution from a New Arrival nominees are new participants in our project spaces who are making a big difference – from contributing new ideas, new leadership on a project workstream, helping with project operations, to community building and more. These individuals are rising stars who help bring fresh energy to our projects.

Pathfinder Awards nominees are people from across the JavaScript ecosystem who have made significant contributions in key areas for OpenJS, including Education, Standards, and Security. These individuals not only move things forward, they bring people along with them as they go, helping to light the way for all. 

The JavaScript Awards recipients were: 

Bethany Griggs – Unsung Hero – “Beth has always been a mighty force for Node.js behind the scenes. She puts in tremendous work for the project on the release team, but that work often goes unrecognized. In addition to her service to the project, Beth volunteers on other OpenJS committees and makes herself available to help the foundation in a variety of ways, from the marketing committee, to the programming committee, to supporting people in the foundation Slack and more. Beth is truly a hero, and it’s time to sing her praises!”

Matteo Collina – Leading By Example – “Matteo is a steady leader in both the Node and the Fastify communities. He’s a strong technical leader but he also helps people grow, mentoring them and supporting new contributors. Matteo always tackles problems head on and in a collaborative way. He’s passionate about his work, and it’s absolutely inspiring and infectious!”

Darshan Sen – Outstanding Contribution from a New Arrival – “I’ve seen Darshan contribute across a number of areas within the Node.js project. With his first commit having landed in the Node.js repo just over a year ago, he is now a significant contributor and a member of the Technical Steering Committee. He interacts in a respectful and impactful way and jumps into discussions to express his opinions and help move them forward. As a relatively new arrival he’s ramped up quickly and contributes across a broad range of topics. I think he’s a great example of coming to the project, talking with people, asking for help/info when needed and then making significant contributions.”

Tzviya Siegman – Pathfinder Award for Standards – “Tzviya edits and works on epub specifications, as well as ARIA specifications, at the W3C. She has served on the W3C’s advisory board for some time, and she works hard to improve the experience of new standards community participants through the Positive Work Environment WG. She was instrumental in getting the W3C to update their code of conduct in 2019.”

Liran Tal – Pathfinder Award for Security – “Liran is a tireless advocate for security in the JS ecosystem. He works hard to build bridges, educate developers about security issues, and support Open Source projects working to improve their security posture. Liran has served on the Node security team and is always available to support developers!”

Wes Bos – Pathfinder Award for Education – “Wes is responsible for teaching hundreds of developers how to write React, Node, CSS, tweak their VSCode setups, upgrade their dev environment and so much more. He’s also one of the nicest people in the broader JS community, which makes learning from him feel that much better.”

To find out more about JavaScriptLandia and how to join, see: https://javascriptlandia.com/ 

OpenJS World 2022: OpenJS Foundation Welcomes Urban Computing Foundation, vis.gl and kepler.gl

By Announcement, Blog, OpenJS World

Testing, Security and Visualization are major themes of OpenJS World, currently being held in Austin, TX, June 6-10

The OpenJS Foundation is announcing that the Urban Computing Foundation (UCF) has partnered with OpenJS to form the Open Visualization Collaboration Space. The Open Visualization Collaboration Space provides a place to openly govern the most comprehensive and widely adopted visualization libraries based on WebGL. UCF is also merging its day-to-day operations and budgets into OpenJS where it will govern these projects and more under the new OpenJS Open Visualization Collaboration Space. Two of its most popular visualization projects – vis.gl and kepler.gl – are moving under the umbrella of the OpenJS Foundation.

Vis.gl is a suite of frameworks for GPU powered data visualization and analysis of large datasets on the web. It is one of the most widely adopted WebGL visualization libraries, with close to 100K daily downloads from npm. kepler.gl is a data-agnostic, high-performance web-based application for visual exploration of large-scale geolocation data sets. The kepler.gl demo app has 30k weekly users.

“The Urban Computing Foundation has nurtured multiple great data visualization projects that have become widely used, adding important pieces to the JavaScript ecosystem. There is immense potential for big data to be better visualized and better utilized through the web. Improved visualization tools are key to improving JavaScript in fields like geospatial analysis, data-driven mapping, self-driving cars, and more,” said Robin Ginn, OpenJS Foundation executive director. “We’re very excited to have UCF merge with OpenJS to broaden its developer engagement for the exciting area of data visualization.”

Historically UCF was a home for Mapzen and related projects. In recent years it became a host for the WebGL geospatial visualization projects Kepler.gl and Vis.gl, including multiple Vis.gl sub-projects. 

OpenJS also welcomes four UCF members who are now members of the OpenJS Foundation: Foursquare, HERE Technologies, Joby Aviation, and Uber. Open visualization technologies are core to each of these companies’ leadership positions in the market, and by supporting the foundation, they are supporting the infrastructure and long-term growth of key open source projects that they rely on.

Vis.gl

The offerings of vis.gl are packaged and best represented by its flagship framework, deck.gl. It has been integrated with most popular base map providers such as Mapbox, Google Maps and ArcGIS; bindings to use with React, Python/Jupyter, R, Vega and CUDA; libraries that tackle 3D geometry editing (nebula.gl), animation (hubble.gl), autonomous vehicles (AVS), multiplexed bioimaging (Viv), etc. Companies including Google, ESRI, CARTO, Foursquare and Cesium have contributed for the project to work with their libraries or data formats. 

“The vis.gl projects are under active development and use, and have great potential for being used widely. We wanted to be connected to an organization like the OpenJS Foundation to support activities that help build growth and popularity. We were already well aligned with the OpenJS Foundation goals, and I believe this is an excellent path forward for both the developers and users of vis.gl and kepler.gl,” said Chris Gervang, Joby Aviation senior visualization engineer. “We look forward to these next steps.” 

Kepler.gl

kepler.gl is one of the most powerful open source browser-based geospatial analysis visualization tools. The kepler.gl demo app is open to all and has 30k weekly users. It is especially well known in geospatial analytics and visualization fields. It has been integrated with Jupyter Notebooks, Jupyter Labs, VSCode, Tableau, and Apache Superset. Users include Unfolded (acquired by Foursquare), Uber, and Carto. And there are many more companies in the mobility space that are using kepler.gl internally for geospatial analysis.

More from OpenJS World 2022 and the OpenJS Foundation: Testing and Security

The OpenJS Foundation recently announced that popular JavaScript testing framework Jest is joining as an Impact Project. Jest and its assets are being donated proudly by Meta Open Source. Jest is a JavaScript testing framework. It allows you to write tests with an API with little configuration. Jest currently has over 17 million weekly downloads and 38,000+ GitHub stars, making it the most used testing framework in the JavaScript ecosystem. It consistently ranks as one of the JavaScript libraries with the highest satisfaction, and is used by companies of all sizes including Amazon, Google, Meta, Microsoft, and Stripe. Jest 28 was just released.

Open Source Security Foundation (OpenSSF) selected Node.js as its initial project to improve supply chain security. Node.js is the first open source community to be supported by OpenSSF’s Alpha-Omega Project. Alpha-Omega committed $300k to bolster the Node.js security team and vulnerability remediation efforts through the rest of 2022, with a focus on supporting better open source security standards and practices.

Maintainers across the OpenJS Foundation-hosted projects through their Cross Project Council are also seeking to leverage its better together approach by sharing best practices, guidance, and support among OpenJS and other JavaScript projects in the ecosystem. Today they announced the new OpenJS Security Working Group comprised of members from across the CPC and OpenJS leadership.

Together, they hope to reduce the risk and set ambitious security goals for all OpenJS projects. They intend to further define, document, communicate, and measure in an open and transparent way.

More specifically, the CPC security goals include:

  • Strengthening the security and sustainability of the OpenJS projects to improve the software supply chain.
  • Increasing security contributions (time, people and resources) from public and private organizations, and security communities.
  • Increasing collaboration among security communities and JavaScript project maintainers.

OpenJS Resources

Click here to learn more about how you could be a part of the OpenJS Foundation, and view these additional resources:

About OpenJS Foundation

The OpenJS Foundation is committed to supporting the healthy growth of the JavaScript ecosystem and web technologies by providing a neutral organization to host and sustain projects and collaboratively fund activities for the benefit of the community at large. The OpenJS Foundation is currently home to 39 open source JavaScript projects, including Appium, Dojo, Electron, jQuery, Node.js, and webpack. It is supported by 30 corporate and end-user members, including GoDaddy, Google, IBM, Intel, Joyent, Microsoft, and Netflix. These members recognize the interconnected nature of the JavaScript ecosystem and the importance of providing a central home for projects which represent significant shared value. 

About Linux Foundation

Founded in 2000, the Linux Foundation is supported by more than 1000 members and is the world’s leading home for collaboration on open source software, open standards, and open hardware. Linux Foundation projects like Linux, Kubernetes, Node.js, and more are considered critical to developing the world’s most important infrastructure. Its development methodology leverages established best practices and addresses the needs of contributors, users, and solution providers to create sustainable models for open collaboration. For more information, please visit their website.