Category

Blog

Node.js Mentorship Initiative: N-API Opportunity

By Announcement, Blog, Node.js, Project Update

This blog was written by A.J. Roberts and the Node.js Mentorship Initiative team. This post was first published on the Node.js blog. Node.js is an impact project at the OpenJS Foundation.

The Node.js Mentorship Initiative is happy to announce our next opportunity. This one is open to developers with experience in C++. You will work hand-in-hand with the N-API working group members with the eventual goal of becoming a full-fledged member of the working group.

If you’re not familiar with the working group, we recommend checking out their recent blog post.

The N-API working group has the goal of making it easier to develop native addons for Node.js and other runtimes like Electron. They have already accomplished a lot of crucially important work for the Native Addons ecosystem. You can help them accomplish even more by improving test coverage, adding features to N-API, and creating examples for native plugin authors to follow.

The N-API working group will set aside time specifically for helping and guiding you, so it’s definitely worth applying through the Mentorship Initiative if you feel like this would benefit you. In order to do that, you should complete the application and its included challenge. The challenge is expected to take 2–4 hours to complete.

Please apply here by January 29th, 2021. We look forward to seeing your submissions.

OpenJS World 2021: Save the Date!

By Announcement, Blog, Event, OpenJS World

The OpenJS Foundation’s annual conference is happening June 9, speaker submissions now open!

Mark your calendars! OpenJS World 2021, a virtual open source conference from the OpenJS Foundation, goes live on June 9. Join JavaScript professionals including developers, software engineers, developer advocates and business leaders from OpenJS Foundation hosted projects such as AMP, Dojo, Electron, and Node.js to network, learn and collaborate with community members. 

Today, we are excited to announce several keynote speakers, open the Call for Papers, and share the event sponsorship prospectus.

OpenJS World 2021 will take place as a free, virtual experience, and with keynotes premiering from the OpenJS Foundation YouTube Channel and sessions to be published immediately after.  This format will allow for an on demand, “Netflix style” experience with a specific premier time and flexibility for international audience viewing, as well as more discussion opportunities with speakers. The event will also feature additional engagement opportunities, such as Slack chats and live workshops, mixed throughout.  

Initial Keynote speakers

Anna Lytical, Digital Coding Educator, Drag Queen, and Google engineer
Cian Ó Maidín, CEO of NearForm
Lin Clark, Senior Principal Software Engineer at Fastly
Scott Hanselman, Partner Program Manager at Microsoft

Call For Papers

CFPs are open! If you have a session that you’d like to submit, please do so by February 15, 2021. Submit your talk here. The conference will cover a range of topics for developers and end-users alike including frameworks, security, serverless, diagnostics, education, IoT, AI, front-end engineering, and much more. 

Event Sponsorship

This year, the OpenJS Foundation is offering event sponsorship as an exclusive OpenJS Foundation membership benefit. If you are interested in becoming a member of the OpenJS Foundation, this is a great time to join! Learn more about membership here and check out the event prospectus for details and benefits. 

Thank you to our current members and event sponsors for supporting the OpenJS Foundation and OpenJS World!

Interested in participating online in OpenJS World? Register now

Thank you to the OpenJS World program committee for their tireless efforts. We are honored to work with such a dedicated and supportive community!

Node.js Case Study: Ryder

By Blog, Case Study, member blog, Node.js

Ryder Delivers Real-Time Visibility in Less Time with Profound Logic’s Node.js solution

This case study was initially published on Profound Logic’s website. Profound Logic is a member of the OpenJS Foundation.

Ryder’s low-code, screen scraping solution was an effective solution for a long time, yet, as their customers’ expectations evolved,  they had an opportunity to upgrade. 

To keep up with consumer demand, they implemented Profound Logic’s Node.js development products to create RyderView. Their new web-based solution helped transform usability for their customers and optimize internal business processes for an overall better experience.

The Challenge

Third-party freight carriers across North America rely on Ryder’s Last Mile legacy systems to successfully deliver packages. Constantly adding features the legacy system made for a a monolithic application that was no longer intuitive nor scalable.

The Solution

The Ryder team, lead by Barnabus Muthu, IT & Application Architect, wanted to develop an intuitive web application that provided real-time access to critical information. Muthu wanted to balance the need for new development with his legacy programs’ extensive business logic.

Profound Logic’s Node.js development solutions were a great fit and allowed Muthu to expose his IBM i databases via API to push and pull data from external cloud systems in real-time. He was also able to drive efficiency on dev time by using npm packages. Using Node.js, Ryder was able to built a modern, web-based application that no longer relied on green screens, while leveraging his existing RPG business logic.

The Result

This new solution was named RyderView and it transformed usability for its customers, translating to faster onboarding and reduced training costs for Ryder.

For third-party users, it led to improved productivity as the entire time-consuming processes were made obsolete. Previously, Ryder’s third-party agents used paper-based templates to capture information while in the field. Now that Ryder’s new application used microservices to push and pull data from iDB2, end users were upgraded to a mobile application. These advancements benefited Ryder as well, allowing them to eliminate paperwork, printing costs, and the licensing of a document processing software.

Read the full case study: https://www.profoundlogic.com/case-study/ryder/

AMP Project Case Study: VOGSY

By AMP, Blog, Case Study

VOGSY Improves Services Firms’ Quote-to-Cash Speed by 80% with AMP-powered dynamic emails

The full case study was originally published on the AMP website. AMP is a hosted project at the OpenJS Foundation

AMP Project with lightening bolt

VOGSY is a professional services automation solution built on Google Workspace. By offering a single source of engagement to efficiently manage projects, resources, tasks, timesheets and billing, VOGSY streamlines services firms’ business operations from quote to cash, preventing handoff delays between sales, project delivery, and accounting teams.

Challenge

VOGSY was facing challenges due to siloed departments and disparate tools. Seeing an opportunity to never drop the quote-to-cash baton, VOGSY implemented AMP For Email to send actionable workflow emails directly to its users’ inboxes.

Results

The results of using the open source project led to huge efficiency gains for VOGSY clients including an 80 percent increase in approval speed for invoices, timesheets, quotes and expenses.  

To read more about the benefits for VOGSY read the full case study: https://amp.dev/success-stories/vogsy/

OpenJS Foundation individual supporter program now available: Join us in JavaScriptLandia!

By Announcement, Blog, JavaScriptLandia

This post was written by Sara Chipps, JavaScriptLandia initiative champion.

Whether you’re all about tabs or spaces, an old favorite or a new release, Vim or VSCode, JavaScriptLandia is a place where all JavaScript fans can creatively express support for the JavaScript ecosystem and OpenJS.

Join now!

JavaScriptLandia badge with sun and mountains.

An Individual Supporter Program has been on the community’s wish list, and we’re thrilled to make that available for the first time with the launch of JavaScriptLandia. Immediate benefits of this new supporter program include:

  • A digital badge to add to your online profiles, avatar, blog and/or personal website.
  • Recognition on our global supporter page on the OpenJS Foundation website.
  • A supporters’ weekly newsletter keeping you up to date on the lastest from OpenJS projects, the Cross Project Council, and the Board of Directors. You will also be invited to participate in discussions about governance and new initiatives.
  • Discounts for training, certification, conferences, and other exclusive offers.

Additional benefits will follow as the program grows, and citizens of JavaScriptLandia weigh in on what they would like to see most. This is a worldwide program priced at $25 USD. 

About the program

The Cross Project Council created JavaScriptLandia because community members wanted a way to show off their involvement and support for our project and cross-project communities, as foundation member companies do through their sponsorship. The CPC also sought to create more leadership opportunities for community members outside of and between our open source projects. This creates stronger bonds and a richer picture of OpenJS Foundation contributors.

We’ve also been hearing from our community that they would like a way to get involved. This is perfect for people that aren’t currently contributing to our projects, but are active JavaScripters. Our goal is to provide a method to join the OpenJS Foundation that wasn’t as expensive as sponsorship and would help members get to know the projects as well as have more access to internal goings-on. 

Finally, and perhaps most importantly, JavaScriptLandia seeks to unite an inclusive and diverse group of JavaScript fans from around the world who love all open source JavaScript projects, those that are part of the OpenJS Foundation and those that fall outside of our umbrella. Whatever your experience – or favorite library – JavaSciptLandia is a safe and easy entry point into this community for all.

We are looking for new perspectives and feedback from the vast community of JavaScript developers. That’s you! We’re looking forward to sharing everything that we’ve been doing and welcoming more of you to our meetings and various working groups. 

Full details here on the SUPPORTER PROGRAM repo.

Unite around the most popular programming language that brings a world of diversity among people and projects. Sign up today and you will go far as a JavaScriptLandian. 

To contact the team, please email javascriptlandia@openjsf.org  

Training Course on Diversity in Open Source

By Blog, Training

This post is written by Dan Brown with Linux Foundation Training. This post first appeared on the LF Training blog.

Inclusive Open Source Community Orientation (LFC102) is a new training course from The Linux Foundation and National Center for Women & Information Technology (NCWIT) and is designed to provide essential background knowledge and practical skills to create an inclusive culture in the open source community. 

two people talking over laptop

The course delves into facts about diversity in tech, the importance of diversity for innovation, the basics of unconscious and societal bias, and how to recognize the different ways unconscious bias presents itself in technical environments. The course also provides the knowledge and skills to recognize, appreciate, and include people of differing races, ethnicities, genders, ages, abilities and other identity categories and promote inclusivity and diversity in open source communities.

“The research is clear: a variety of cultural factors and implicit biases prevent many people from meaningful participation in technology cultures,” said Dr. Catherine Ashcraft, Director of Research, NCWIT. “The practices we suggest in the course are intended to address these multiple biases and make the open source community a more inclusive place where currently underrepresented groups are able to thrive and make meaningful contributions to future technical innovations.”

While the 2020 Open Source Jobs Report found efforts by employers to increase diversity in open source hiring activities have increased, there is still progress to be made. 11% of those surveyed for the report stated they have been discriminated against or felt unwelcome due to their personal characteristics, an increase from 8% just two years ago. This course is meant as a starting point for everyone in the community – from technical staff to managers, executives, support teams and more – to learn more about these issues and how to ensure everyone feels comfortable in the workplace and broader community.

“Open source projects are best when they cultivate contributions from a wide range of individuals with different backgrounds from all over the world, so it is prudent for community members to ensure everyone feels welcome,” said Chris Aniszczyk, CTO of the Cloud Native Computing Foundation (CNCF). “This course will guide open source projects on how to build inclusive communities, which is why we will be planning to require all CNCF project leadership to complete this training starting next year.”

LFC102 is available for immediate enrollment at no cost to students. The course complements the existing LFC101 – Inclusive Speaker Orientation which provides knowledge of how to ensure inclusivity in presentations, messaging and other communications. Enroll today and help build an inclusive open source community!

GitHub Actions to securely publish npm packages

By Announcement, Blog

This post is written by Liran Tal with OpenJS Foundation member company, Snyk. This post originally appears on the Snyk blog.

GitHub Actions are growing in popularity ever since GitHub announced general availability for all developers and repositories on the GitHub platform. Fueled with some rate limits we’re seeing in the ecosystem—such as new billing and rate limits for open source from Travis CI—will further drive developers to migrate their software automations to GitHub Actions.

In this article, I’d like to show you how I’m using GitHub Actions to publish npm packages that I maintain in my open source projects. If you’re following the GitHub flow which consists of GitHub pull requests workflows, then this will further unify your experience around GitHub workflows for your teams and community contributors in your project.

What is GitHub Actions?

GitHub Actions is a technology developed by GitHub to provide developers with a way to automate their workflows around continuous integration—helping them build, deploy, schedule recurring tasks, and more. GitHub Actions is natively available and integrated into GitHub repositories and features many reusable workflows from community contributors, such as publishing npm packages, publishing docker images, running security tests, and more.

How do actions work in GitHub?

GitHub’s cloud infrastructure is running GitHub Actions for users by creating a workflow file in a GitHub repository directory named .github/workflows, describing the trigger, schedule for the job, and the actions the job should take using YAML.

What is a GitHub workflow?

A GitHub workflow is a set of jobs that would run based on a trigger or a cron-based schedule. A job consists of one or more steps that make up an automated workflow.

Setting up a Node.js project for GitHub Actions

Let’s add an initial GitHub Actions automation to a Node.js project. The GitHub Actions job will install all required npm packages, run tests, and eventually publish our project as an npm package that users can consume.

Our npm package is going to be a Command Line Interface (CLI) for you to browse the amazing list of talks from SnykCon 2020—Snyk’s first-ever global security event that took place in 2020.

The complete project is hosted on GitHub and here is a sneak peek at how the npm package looks like:

npm package released using github pull request workflow

A complete GitHub CI workflow starts off with creating the following GitHub Action file at the root of the repository path: .github/workflows/main.yml

name: main

on: [push]

jobs:
  build:
    runs-on: ubuntu-latest
    strategy:
      matrix:
        node-version: [12.x, 14.x]
    steps:
      - uses: actions/checkout@v2
      - name: Build on Node.js ${{ matrix.node-version }}
        uses: actions/setup-node@v1
        with:
          node-version: ${{ matrix.node-version }}
      - run: npm ci --ignore-scripts
      - run: npm run build --if-present
        name: Build
      - run: npm test
        env:
          CI: true

The above is very much a stock template for a build and test process of Node.js projects, doing the following:

  1. The trigger is on every push, to every branch.
  2. We run this action on Node.js versions 12.x and 14.x to ensure compatibility across both Node.js LTS versions.
  3. The job then runs several steps that check out the git codebase, runs a secure and deterministic npm install phase, continues to run a build step if present, and finally runs tests.

As you push new commits to the repository, whether you are following a GitHub flow, or a GitHub pull request workflow, you’ll see new jobs queuing up in the repository’s Actions tab. Like the following, that shows our tests running for npm package snykcon:

github continuous integration

Publishing npm packages with GitHub Actions

If all tests pass, and this automation workflow runs in our main branch, we could automate releasing new versions altogether!

When it comes to releasing packages, it’s a good idea to consider the security implications that concern such actions. Let’s review a few of them:

  1. Malicious code: If a vulnerability is intentionally added by someone as part of the code contribution and you missed it, an automatic release when merging to your main branch means it will be available to users immediately. If you manually release immediately, there’s no difference either—however, the more time passes between merging pull requests and releases, it gives more time for the community to scrutinize and help flesh out such issues.
  2. Vulnerable dependency: If a malicious person adds a dependency with known public vulnerability then this dependency will trickle into your users as it gets pulled during the install process. Using a free tool like Snyk to connect to your git repositories and add a status check to prevent you from releasing with vulnerable versions of dependencies, solves exactly this problem.
  3. Malicious dependency through a lockfile: Have you considered what would happen if a contribution to update package.json dependencies would actually inject a malicious package into the lockfile, which nobody takes the time to review anyway, right? I wrote about why npm lockfiles can be a security blindspot for injecting malicious modules so make sure you deep dive into this if you hadn’t considered this attack vector.
  4. Stealing your npm token: In the past, quite a few attempts of malicious packages circled around the notion of stealing a person’s npm token or other sensitive information that exists in environment variables.

The above isn’t meant to be a comprehensive list of security concerns, but it definitely highlights quite a few that we should be aware of.

Speaking of security highlights, do you find that list of possible security concerns an interesting and educational read? It’s a quick threat modeling process, which you can practice more regularly when you build out features. We wrote about it in our DevSecOps Process and there’s a good talk from SnykCon by Alyssa Miller on User Story Threat Modeling: It’s the DevSecOps Way. Check them out!

Let’s go back to our list and focus on the last security concern mentioned—stealing your npm token. Since this article is all about publishing npm packages, it means we need to make an npm token available to the GitHub Actions workflow and this has historically been frowned upon for the following reasons:

  • npm capabilities: historically, releasing npm packages using an npm token, required your npm user to disable two-factor authentication. It’s not anymore and we’re going to learn how!
  • Stealing a token from malicious packages install: if you make the npm token available in your CI as environment variables, then malicious packages that exist in your package dependency tree (beyond your own direct dependencies) may have access to it during, for example, the npm install process, which by default allows packages to run any arbitrary command.

So how do we handle these two valid security concerns?

Firstly, npm has recently made two-factor authentication possible along with issuing automation tokens, so these two capabilities no longer conflict. Secondly, GitHub Actions allows you to make environment variables information available only to a specific step in a job, which means we can make it available only to the npm publish command and not npm install which would’ve allowed indirect dependencies access to it as well.

Let’s get started.

First, enable two-factor authentication for your npm user. Navigate to your account settings on https://npmjs.com/ and enable 2FA Mode for both authorization and publishing.

npm package two-factor authentication

You’ll need to associate an authenticator device, for example, the Google authenticator app on your mobile device, or 1Password if you’re using that to manage your passwords.

Then, head over to Access Tokens management on npm, and create a new token. 

Make sure you create an Automation type token, as shown in the screenshot below which, as the description says, will bypass two-factor authentication and allow you to use it from continuous integration (CI) workflows:

enable npm package token for github continuous integration

We can then make this token available in our GitHub Actions by first creating it as a secret in the GitHub repository secrets management, like this:

github workflow for tokens as secrets

And finally, updating our GitHub Actions workflow to also include a release step. After the build job, add the following publish job:

 publish:
    if: github.ref == 'refs/heads/main'
    needs: build
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v2
      - uses: actions/setup-node@v1
        with:
          node-version: 14
      - name: Publish
        run: |
          npm config set //registry.npmjs.org/:_authToken ${NPM_TOKEN}
          npm publish --ignore-scripts
        env:
          NPM_TOKEN: ${{ secrets.NPM_TOKEN }}

It is vital to note the --ignore-scripts argument to the npm publish command, which is critical to a safe publishing workflow. It tells the publish command from the npm CLI to skip all the life cycle scripts specified in the packge.json manifest. This is important—when the malicious package gets installed as part of the dependency graph, it can create an entry such as prepack: “echo ‘do something malicious’” to your own package, which will be triggered when you run npm publish. As you can imagine, that malicious entry can do more harm than just print something to the screen.

The workflow we’re following here significantly reduces such a concern of npm tokens being stolen, or other targets of arbitrary commands execution because:

  1. In our build job, we install packages without allowing them to execute arbitrary commands thanks to the --ignore-scripts command argument provided to npm ci.
  2. Our publish job starts in a fresh new repository checkout. This means that even if it was required to allow script execution as part of npm package installation of the prior build step, all malicious attempts to inject data to the package’s package.json file would be futile.
  3. As a precaution, our publish step includes a --ignore-scripts command argument to avoid executing npm life cycle scripts during this phase.
  4. The npm automation token to release a package is only made available to the publish step.

Given all the above, you would probably sleep better at night by requiring two-factor authentication on every version publishing of the package. That, however, requires a more elaborate setup if you need to enable this in a CI environment and we’ll skip that in this article.

This job specifically runs only on the main branch—so we don’t release during a pull request test run—and only runs with a specific Node.js version, rather than parallelizing job runs of different versions.

Once a GitHub pull request is merged, or a commit is pushed to the main branch, the following publish job will execute and trigger a release for the npm package.

github workflow

View the complete GitHub Actions workflow file for a reference.

It is important to note that we didn’t cover any sort of automated semantic versioning with regards to bumping the versions of our npm packages automatically, based on whether a commit push was a patch, minor or major update to the code. For that, I recommend evaluating semantic-release which the Snyk Advisor also suggests is a very healthy package:

Where do GitHub Actions run?

The scope of GitHub Actions is for a specific repository, and they are executed and managed using GitHub’s cloud infrastructure services, and provide support for Mac, Windows, and Linux platform runners. It is, however, possible to also have self-hosted GitHub runners such as on Google Cloud Infrastructure.

What is GitHub flow?

The scope of GitHub Actions is for a specific repository, and they are executed and managed using GitHub’s cloud infrastructure services, and provide support for Mac, Windows, and Linux platform runners. It is, however, possible to also have self-hosted GitHub runners such as on Google Cloud Infrastructure.

To sum it up

To summarize, building npm packages and releasing them to the broader npm ecosystem can be automated in a secure way using GitHub Actions. The benefits of choosing GitHub Actions is that we maintain the entire developer experience of a git workflow within the GitHub platform.

I also recommend following up on more GitHub Actions integrations that you can easily plug into your project:

Try out my is-website-vulnerable GitHub Action if you want to track end-to-end security tests for a website (detecting vulnerable JavaScript libraries).

NativeScript joins OpenJS Foundation as Incubating Project

By Announcement, Blog

NativeScript is the newest incubating project at the OpenJS Foundation! 

NativeScript joins OpenJS

NativeScript empowers you to access native platform APIs from JavaScript directly. The result is a streamlined and delightful development experience minimizing language switching and IDE jumping. 

An expanding number of use cases including the full spectrum of iOS and Android platform API development with desktop runtime possibilities continue to create excitement and enjoyment to global development communities. Leveraging common web development skills, like CSS and the JavaScript language itself, developers can unlock the full experience and performance from the rich API offerings of the iOS and Android platforms. NativeScript is particularly well-suited to provide opportunities in significant code reuse between web and mobile developments.

Incubating projects under the OpenJS Foundation are projects that are in the process of completing their on-boarding checklist to join the foundation. There are currently 35 open source projects under the OpenJS Foundation umbrella.

NativeScript can be integrated with other native platform APIs to continually enrich and expand JavaScript’s abilities. The framework not only allows usage of plain JavaScript/TypeScript to create applications, but also allows integration with Angular, VueJS, React, Svelte, and any JavaScript-driven frontend framework to allow developers to reuse their web knowledge in their favorite frontend frameworks to create native platform applications.

Why is NativeScript Joining OpenJS?

NativeScript was created in 2014 and quickly gained popularity among JavaScript developers. The software consulting company and strong NativeScript community member nStudio assumed responsibility for this open source project in June, 2020, to support increased community interest and improved engagement with the core framework.

The project then shifted to an open governance model in June of 2020, inspired by the Node.js and JS Foundations and by other standards bodies. Joining the OpenJS Foundation will allow the project to strengthen this focus on transparency and openness as a basis for growing the community around the world.

“We are excited to be joining the OpenJS Foundation. We believe this will directly benefit both a wonderful community of developers and end user businesses that rely on it worldwide. We have been involved with NativeScript for the past six years, and we see joining OpenJS as a natural step in its evolution,” said NativeScript maintainer and nStudio Senior Partner Nathan Walker. “NativeScript is a uniquely delightful tool for empowering JavaScript developers with access to native platform APIs, and we are constantly inspired by the thoughtful and passionate community to improve the technology.” 

“We are thrilled to welcome NativeScript. The OpenJS Foundation exists to house a diverse set of open source projects that contribute to the JavaScript ecosystem on a global scale,” said Robin Ginn, OpenJS Foundation executive director. “It’s exciting when projects come in whose goals align similarly to ours. We will provide resources and guidance to help NativeScript move forward in multiple fronts including governance, technology, community outreach and much more.”

“As a prominent project in the open source JavaScript community, having NativeScript join as an incubation project is an important addition to the Foundation,” said Joe Sepi, OpenJS Foundation Cross Project Council Chair. “We as a community are excited that NativeScript has taken this important step in their growth and evolution and look forward to their continued success. I am pleased NativeScript has chosen the OpenJS Foundation as its home.”

“I demand a lot from our development team in order to deliver the best user experience within the Sweet app, and NativeScript has been able to deliver,” said Tom Mizzone, CEO Sweet.

“Working with Nativescript has been the most fun I’ve had developing in years,” said Mike Carzima, Solutions Architect, iMedia Inc.

NativeScript can be cloned here. Get started immediately!

Resources

The OpenJS Foundation provides a wide range of resources for organizations and individuals involved in the adoption and ongoing development of key JavaScript solutions and related technologies.

 

Happy 25th Anniversary JavaScript

By Announcement, Blog

At the OpenJS Foundation, we owe so much to JavaScript. With more than 97 percent of the world’s websites using JavaScript, it is the foundation for online commerce, economic growth, and innovation. 

Happy Anniversary, JavaScript!

On December 4, 1995, Netscape and Sun announced the creation of JavaScript, “an open source, cross-platform language for enterprise networks and the Internet.”  

At this year’s OpenJS World, we had the honor of hosting Allen Wirfs-Brock, an authority on JavaScript history, for a fireside chat with Alex Williams, the founder and editor in chief of The New Stack. In this talk, “Exploring the History of JavaScript,” The OpenJS World audience got a front-row seat for an intriguing conversation packed with insights from Wirfs-Brock, who was the project editor for the ECMAScript Language Specification, the international standard that defines the latest version of the JavaScript programming language. For those interested in exploring the colorful 25-year history of JavaScript, we encourage you to check out this talk. 

Today, JavaScript is the common language that brings us to work and into our amazing community each and every day, and we want to take its 25th Anniversary to say thank you and reflect on the amazing year we had.

The open source projects that are hosted with the OpenJS Foundation are the heart of what makes the Foundation. The collaboration, innovative tech, and most importantly, the amazing people are what make the OpenJS Foundation special. This year was a great year for our projects, from new releases to bringing on incubation projects. We thank all project contributors for the important work you do.

We are so thankful to our members for their continued support of the OpenJS Foundation. So far this year, we welcomed Skyscanner and Netflix as the newest members of the OpenJS Foundation.

Thank you to our Board for your time, expertise, and leadership as we continue on our mission to drive broad adoption and ongoing development of key JavaScript solutions and related technologies.

While it hasn’t been a typical year for any of us, this community never ceases to amaze when it comes to pivoting and innovating to continue on our path to grow, learn, and collaborate. For those who have experienced loss this year, we see you, and we thank you for being here.

Dressed to Impress: NET-A-PORTER, Mr Porter and JavaScript Frameworks

By Blog, Case Study, Fastify, OpenJS In Action

For this OpenJS In Action, Robin Glen, Principal Developer for YNAP joined the OpenJS Foundation Director Robin Ginn to discuss their use of JavaScript in building a global brand. YNAP is the parent company of luxury retailer NET-A-PORTER. Glen works within the Luxury division team at NET-A-PORTER (NAP), working on NET-A PORTER and Mr Porter. He has been with NAP for over 10 years. In addition to his work with NAP, Glen is also a member of the Chrome Advisory board.

Glen has been leading the developer team at YNAP for almost a decade, and continues to test, iterate and implement cutting edge open source technologies. For example, he was an early adopter of the Fastify web framework for Node.js to help increase web performance, particularly with the demand spikes his company experiences during holidays and sales.

Topics ranged from ways to make the user experience feel more pleasant and secure, to issues around Javascript bloat. Questions focused on the history of NAP, how NAP chose their current framework, and how that framework allows them to best service customers in their e-commerce site. 

The full interview is available here: OpenJS In Action: NET-A-PORTER, Mr Porter and JavaScript Frameworks 

Timestamps

0:00 Brief Introduction

2:09 Technology and NET-A-PORTER 

3:11 Defining Architectural Moment

4:50 Where YNAP is Today

6:50 Factors in Choosing Technologies? 

10:30 Fastify

14:00 YNAP and JS Foundation

15:10 Looking Forward: Engineering Roadmap  

18:58 What’s a “Good Day At Work” for you?

20:00 Wrap-Up