Blog

From OpenJS World 2023: To Rewrite, or Not to Rewrite, That Is the Question – Bryan Hughes

By Blog, OpenJS World

Talk from Bryan Hughes, Staff Software Engineer, Patreon at OpenJS World 2023 in Vancouver, Canada, May 10-12.

We all know those OSS codebases: old, brittle, and getting in the way of adding new features and onboarding new collaborators. “I know!” you think, “Let’s rewrite this using shiny new tech! It’ll solve all our problems!” Sometimes rewriting is the best option, and sometimes it’s not. Even when it is, successfully rewriting a codebase is quite difficult in practice. Based on personal experience, in his talk, Bryan walks through the planning and implementation process to actually finish that long-desired rewrite.

Bryan covers key topics such as decomposing the codebase, different types of rewrites (full rewrite, partial rewrite, heavy refactor, light refactor), project planning, implementation, and the broader impact of rewriting code to benefit others. The presentation concludes with a gratitude message and a Q&A session.

Full talk available here: To Rewrite, or Not to Rewrite, That Is the Question

Bryan’s slide deck is available here.

Main Sections

0:00 Introduction

1:38 Decomposing in December 2014

3:47 A taxonomy of rewrites

5:35 Full rewrite

7:17 Partial rewrite

8:17 Heavy refactor

9:12 Light refactor

9:49 Define the problem

13:05 Determine constraints

17:16 Project planning 

21:47 Implementation

25:22 Release

33:05 The big picture 

36:35 Rewrite to serve others

37:15 Thank you and Q&A

OpenJS Resources

About the OpenJS Foundation

Join the OpenJS Foundation

Follow Us on Social

Appium 2.0 Officially Released: Extensible Ecosystem for Automation Makes It Easy to Add Your Specific Tests

By Announcement, Appium, Blog, Project Update

We’re delighted to share that Appium 2.0 is now available

Appium is an open source test automation framework for use with native, hybrid, and mobile web apps. Appium is an Impact project under the OpenJS Foundation ecosystem.

Appium drives iOS and Android apps using the WebDriver protocol. Appium can be used for testing native mobile applications (iOS or Android), mobile web applications (Safari or Chrome) and hybrid mobile applications that combine both. This makes it a versatile tool that can be used for a variety of projects. Appium is used by companies like GEICO, Charles Schwab, Walmart, and many more.

“Appium’s vision has always been larger than being a mobile app automation tool. The WebDriver paradigm was a good fit for the web, and it turned out to be a good fit for mobile too. With Appium 2, we wanted testers to be able to reach for a single tool to accomplish all their automation tasks across multiple platforms,” said Jonathan Lipps, Senior Director, Automation Technologies at Headspin, Inc., and the project lead for Appium. “Thank you to all Appium collaborators and contributors. This is a major milestone!”

2.0 reenvisions Appium as a platform where drivers and plugins can be easily created and shared. With a more friendly and standard interface, Appium 2.0 offers:

  • A new system for developing and sharing Appium drivers to facilitate automation of new platforms
  • Plugins that extend or modify any of Appium’s behaviors
  • The ability to install drivers and plugins from across the ecosystem with a single command

Interested in learning more? Join Appium Project Lead Jonathan Lipps for a free webinar on July 11, 9:00-10:00 AM PDT. Register now!

Congratulations to all of the collaborators and contributors on this major launch. Try out Appium 2.0 today!

From OpenJS World 2023: The Evolution of Open Source through Design – Lise Noble

By Blog, OpenJS World

Talk from Lise Noble, UX/UI Distinguished Engineer, Discover Financial at OpenJS World 2023 in Vancouver, Canada, May 10-12.

Lise Noble discusses the industry’s adoption of open source software as a means to drive innovation and efficiency. While organizations have been increasingly embracing Design Thinking and incorporating it into their product development practices, there is a growing demand to extend open source principles to the entire design process and lifecycle.

In this talk, Lise shares the approach to design and the emerging need for DesignOps to improve the quality and speed of effective design, as well as the emerging opportunity for designers in the open source community. Lise covers the lack of design in UX and UI and shares methods for including and practicing accessibility. She wraps up by exploring the future of open source in design.

Full talk available here: The Evolution of Open Source Design

Lise’s slide deck is available here.

Main sections

0:00 Introduction

1:17 Agenda

2:01 Engineering and design 

4:05 Lack of design and open source

7:01 Design thinking 

11:48 Common complexities

12:54 What if???

15:13 Intro to unified design with theme builder 

16:40 Atomic design and samples

18:12 Accessibility

19:13 Common disabilities/impairments

22:25 The state of Accessibility – provided by GAAD

23:08 Accessibility and atomic design 

24:25 Accessibility and color are HARD

26:26 Introducing theme builder – an open source project

27:00 Systems and themes

28:04 Layering systems and themes

31:05 Sub-branded themes?

32:23 What is design Ops Toolchain?

35:39 Importing code from Theme Builder into Figma

37:12 The benefits

37:43 Discover’s contributions to Open Source 

38:27 Looking ahead

41:35 The future of design and open source 

42:51 Thank you!

From OpenJS World 2023: Advancing Web Runtime Interoperability with WinterCG – Ethan Arrowood, Vercel

By Blog, OpenJS World

Talk from Ethan Arrowood, Senior Software Engineer, Vercel at OpenJS World 2023 in Vancouver, Canada, May 10-12.

WinterCG is a community group dedicated to promoting web interoperability and advancing the development of web runtimes such as Node.js, Vercel Edge Runtime, Cloudflare Workers, and more. In this talk, Ethan discusses the challenges and opportunities facing web runtime interoperability and showcases the innovative solutions being developed by WinterCG. Ethan provides an overview of the group’s mission, values, and members. Additionally, he highlights achievements and summarizes ongoing projects. Finally, Ethan offers a glimpse into WinterCG’s aspirations for the future and the impact that interoperable web runtimes will have on shaping the web of tomorrow.

Full talk available here: Advancing Web Runtime Interoperability with WinterCG: Empowering the Future of the Web.

Ethan’s slide deck is available here.

Main Sections

0:00 Introduction

1:14 Why the group was formed

2:06 The goal of WinterCG

3:08 Non-goals

4:21 The process: collaborate, propose, implement 

10:53 Achievements 

11:45 Achievement: Fetch – Static response.json()

12:30 Work in progress – relax forbidden headers 

13:46 Work in progress – performance and web crypto streams

14:40 Work in progress – AsyncContext

15:00 Closer look – AsyncContext

19:01 Work in progress – “wintercg” common key

23:38 Get involved

25:00 Thank you and Q&A

Node.js Security Progress Report – First Response Time Down to 8 Hours, New Security Release Announced

By Blog, Node.js, Node.js Security

Last month, we reported that the first response time in April was down to 18 hours. For May, it dropped again, down to 8 hours. Our established goal is a 48-hour response time, making an 8-hour response time excellent. Real-world response time will likely fluctuate somewhat going forward as we work on improving our processes, including our new Permission Model and the automation of dependencies and build processes.

Beyond that, 5 reports were created in April and 2 were closed from May. In April, 6 hackers participated. This type of outside participation is extremely encouraging, thank you for your contributions!

We completed the first initiative from 2023 for automating dependencies. This will go a long way toward creating security sustainability, and we’re working hard on automating the security release process itself.

Big thanks to OpenSSF and Project Alpha Omega for their continued support. Partnership details are outlined here: Security Support Role 2023.

Support for Security Releases

The next security release is scheduled for June 20, 2023, and we are actively working on multiple security fixes. OpenSSL Security Release 29/05 came out and will be integrated into this release and the c-ares security release. 14 reports affecting different active release lines came out in May. More information here.

Three regular releases came out (v20.1.0, v20.2.0 and v20.3.0) and we’ve been focusing on coordinating upcoming releases, making sure there is clear alignment with the Node.js team and releasers, and creating and backporting fixes.

What’s a backport? Many security fixes are for the most recent version since this is the focus of attention. The goal is to create backport pull requests for previous versions at the same time. So, if we fix something in Node.js 20, there are fixes available for older versions, like Node.js 16, when needed.


Node.js Security Working Group Initiatives

There was good discussion about supporting environment variables as part of the Permission Model. The idea is to know explicitly what resources an application is accessing when it runs.

The current proposal is to add variable names into an allowlist using the --allow-env flag as shown below. Any variables not included in the allowlist will be inaccessible through process.env.

Assessment against security best practices is also making progress. We are actively monitoring the undici, node, and security-wg repositories, and we are improving the OSSF Scorecard for undici, which helps in our assessment against best practices.


Node.js Security Sustainability

Check out all of our recent speaking engagements:

We’re meeting with the Google Open Source Security Team to discuss the Permission Model. They’ve participated in our recent Security WG sessions, and we believe this is a positive step forward in helping with security sustainability.

Are you interested in getting involved? The new Permission Model is still experimental, which makes it the right time for you to try it. 

Be sure to join us for this month’s meetings: https://github.com/nodejs/security-wg

Node.js Security Progress Report – Automation, Automation and more Automation

By Blog, Node.js, Node.js Security

Last month, the Security Working Group initiatives focused on the Permission Model and Automated Update Dependencies. 

There were 10 security reports in April, with more people participating than in the previous month. The time to our first response in April was 18 hours, which is under our goal of a 48-hour response time.

As always, thank you to OpenSSF and Project Alpha Omega for their continued support. The exact details of the partnership are outlined here in the Security Support Role 2023 document.

Automation Update Dependencies

In total, 11 dependency update automations were completed this month, which included undici, openssl, v8, npm and more. There are only 2 more automations to go.

As a reminder, the Security Working Group started investigating dependencies in Node.js in November last year. They identified automated updates, and which ones should be prioritized: https://github.com/nodejs/security-wg/issues/828. We can already see the benefits of this work by looking at the increased number of pull requests for dependency updates automatically submitted to the project. 

Security Release Automation

The Security Working Group is focusing on implementing automation for the key dependencies in the build. This makes the overall process easier and less prone to error, and it makes it possible in the future for different stewards to complete the process. 

There are currently 26 steps in doing a Node.js security release. If greater automation works, it will be a big step forward. Please expect more information on this topic soon!

Permission Model

There have been over 10 months of work on building a new Permission Model. To help clarify next steps and guide the discussion, a roadmap issue (#898) was created to discuss the future of the Permission Model. 

Are you interested in getting involved? The new Permission Model is still experimental, which makes it the right time for you to try it. Because the Permission Model is a security feature, any bugs in it are considered vulnerabilities.

JavaScriptLandia Awards: Pathfinder for Security 

Last week at OpenJS World 2023, the OpenJS Foundation held their second annual JavaScriptLandia awards and recognized Rafael Gonzaga from Nearform. 

Rafael has made significant contributions to Node.js security and has received positive feedback on his efforts to improve the security ecosystem. His contributions to reports and blogs have generated great visibility from social media, and he has personally trained and brought engineers into the Node.js Security Working Group to build the community towards self sufficiency. 

Congratulations, Rafael!

Join Us!

Be sure to join us for this month’s meetings: https://github.com/nodejs/security-wg

Meta Joins the OpenJS Foundation

By Announcement, Blog, Jest

The creator of popular open source projects like React, React-Native and Jest joins the OpenJS Foundation

SAN FRANCISCO – May 10, 2023 – The OpenJS Foundation, providing vendor-neutral support for sustained growth within the open source JavaScript community, is announcing today that Meta has joined as a gold member. 

“Welcome Meta! Their positive effect on the JavaScript ecosystem has been amazing. Heavy users at scale of JavaScript itself, creators of React and React-Native, creators of multiple key open source projects,” said Robin Ginn, OpenJS Foundation Executive Director. “We look forward to working more with Meta’s leadership and expertise to increase support for the diverse open source communities at OpenJS.”

Meta Open Source has been key in creating and open sourcing many projects crucial to the JavaScript ecosystem, such as React, Jest, and Flow. Last year, Meta contributed its popular JavaScript testing project Jest to OpenJS, which garnered an enthusiastic response from developers for this community-led project.

As a global leader with a mission of creating community and bringing people closer together, Meta understands the importance of open collaboration to sustain and improve JavaScript development. Working collectively with other member companies and with the guidance of the OpenJS Foundation, Meta will continue to contribute and advocate in the community. 

“Open source has the potential to be more inclusive and more empowering than ever. Joining the OpenJS Foundation is a large step forward in supporting our open source communities. We hope to provide not only leadership, but to learn from the community,” said Killian Murphy, Sr. Engineering Director, Developer Experience & Platforms. 

“The broader JavaScript ecosystem benefits from Meta becoming an OpenJS Foundation member. In fact, we’ve already been working together in multiple different ways, and this makes official what has already been a great relationship,” said Shayne Boyer, OpenJS Foundation Board Director.

To learn more about how you can be a part of the OpenJS Foundation, click here.

OpenJS Resources

The OpenJS Foundation is committed to supporting the healthy growth of the JavaScript ecosystem and web technologies by providing a neutral organization to host and sustain projects, as well as collaboratively fund activities for the benefit of the community at large. The OpenJS Foundation is made up of 41 open source JavaScript projects including Appium, Dojo, Jest, jQuery, Node.js, and webpack and is supported by 30 corporate and end-user members, including GoDaddy, Google, IBM, Joyent, Microsoft and Netflix. These members recognize the interconnected nature of the JavaScript ecosystem and the importance of providing a central home for projects which represent significant shared value.

About Meta

Meta builds technologies that help people connect, find communities, and grow businesses. First launching Facebook in 2004, it changed the way people connect. Meta brings apps like Messenger, Instagram and WhatsApp to further empower billions around the world. Now, Meta is moving beyond 2D screens toward immersive experiences like augmented and virtual reality to help build the next evolution in social technology.

About Meta Open Source

Meta has long been a supporter of open source software and the open source community. In addition to making a lot of our engineering work publicly available, including sharing our research, code, designs, and engineering work, we also invest in organizations that are important for the long-term sustainability of the open source ecosystem.

About Linux Foundation

Founded in 2000, the Linux Foundation and its projects are supported by more than 2,950 members. The Linux Foundation is the world’s leading home for collaboration on open source software, hardware, standards, and data. Linux Foundation projects are critical to the world’s infrastructure including Linux, Kubernetes, Node.js, ONAP, Hyperledger, RISC-V, and more. The Linux Foundation’s methodology focuses on leveraging best practices and addressing the needs of contributors, users, and solution providers to create sustainable models for open collaboration. For more information, please visit us at linuxfoundation.org.

OpenJS World 2023 – Celebrating Innovation in the JavaScript Ecosystem

By Blog, OpenJS World

It’s day one of OpenJS World, the OpenJS Foundation’s semi-annual event bringing together the JavaScript and web development communities! 

Want to network and find out how you can get more involved in JavaScript? OpenJS World covers the broad spectrum of the JavaScript ecosystem, including technical content from OpenJS Foundation open source projects and much more. Be sure to tune in virtually for the remaining sessions this week: Virtual registration here.

The full schedule is available here, including talks by the OpenJS Foundation’s executive director Robin Ginn, Ethan Arrowood from Vercel, Abby Cabunoc Mayes from GitHub, Kazuhito Yokoi from Hitachi and many more!

We’re excited to share the progress of our members and projects this week at OpenJS World. Read on to find out what’s new this week!

Meta Joins the OpenJS Foundation

Meta has joined the OpenJS Foundation as a gold member! Meta Open Source has been key in creating and open sourcing many projects crucial to the JavaScript ecosystem, such as React, Jest, and Flow. Last year, Meta contributed its popular JavaScript testing project Jest to OpenJS, which garnered an enthusiastic response from developers for this community-led project.

More details are available in our blog post.

Major Commitment to Security and Stability

The OpenJS Foundation has achieved significant milestones this year focused on improving JavaScript security. Last week, we announced that the Sovereign Tech Fund, financed by the German Federal Ministry for Economic Affairs and Climate Action, awarded the OpenJS Foundation EUR 875,000 (USD 902,000). This largest ever government investment in a Linux Foundation project will allow us to deliver infrastructure updates across our project portfolio through a single-scalable solution and develop and deliver security and maintenance policies and practices for critical projects.

Additionally, our continued work with OpenSSF’s Project Alpha-Omega has granted funding for both Node.js and jQuery this year. Alpha-Omega is committing $300,000 to focus on improving supply chain security by improving Node.js security infrastructure. The funding is bolstering the Node.js security team and vulnerability remediation efforts, with a focus on supporting better open source security standards and practices. It was started in 2022 and renewed in 2023. Alpha-Omega is also committing another $350,000 to reduce potential security incidents for jQuery by helping modernize its consumers and its code. OpenJS, working with the jQuery maintainers and industry experts, will conduct an ecosystem risk audit, work on an expansion of its infrastructure modernization project, and build and promote a web modernization campaign for awareness and buy-in.

Championing our Community with Awards and Discounts!

At OpenJS World today, we are announcing our second annual JavaScriptLandia award members, showcasing an incredible array of creativity, diversity and energy – check them out in our blog post! Maybe you can be one of the winners next year!

Also, if you’re interested in improving your technical skills and understanding how you do on vendor-neutral certification tests, we have an OpenJS World-only discount available for you. We’re offering 60% off Node.js Training and Certification bundles with code OPENJSWORLD2023.

Certification is an important component of building and strengthening the JavaScript ecosystem. Certified developers can quickly establish credibility and value in the job market. Certification also allows companies to locate and hire high-quality teams to support their growth.

We hope you’ll tune in virtually to our event this week! After OpenJS World is over, we’ll have the videos up on our YouTube page to view on demand.

Happy OpenJS World!

JavaScriptLandia Community Awards Showcase Creativity, Diversity and Energy

By Blog, JavaScriptLandia

From OpenJS World 2023 – The OpenJS Foundation is celebrating 6 key community leaders, honoring them with our second annual JavaScriptLandia Awards for contributions to education, standards, security and more. Award Winners were recognized at OpenJS World on Wednesday, May 10, and received a plaque and digital badge.

JavaScriptLandia is the home of the OpenJS Foundation’s individual supporter program, where community members can pledge support for OpenJS projects, maintainers, and get more involved in the community while earning badges and other perks.

The nominations for the awards opened in March and were sourced from the broader JavaScript community. Nominations were reviewed by OpenJS Foundation CPC members, board members, and staff and were chosen by consensus.

There are 6 awards available: 

  • Unsung Hero
  • Leading By Example
  • Outstanding Contribution from a New Arrival
  • Pathfinder Awards
    • for Standards
    • for Education
    • for Security 

Unsung Hero nominees are recognized for their willingness to do things that aren’t high profile, glamorous, or even fun, but are important for a well-functioning project and community. Unsung Heroes often do this work with a smile, even if they aren’t being recognized regularly for their contributions. 

Leading by Example nominees are known for demonstrating leadership qualities in their communities that reflect OpenJS Foundation values, like being humble, helpful and hopeful. Exemplary leaders embody open source in spirit and in practice, and inspire others to do the same.

Outstanding Contribution from a New Arrival nominees are new participants in our project spaces who are making a big difference – from contributing new ideas, new leadership on a project workstream, helping with project operations, to community building and more. These individuals are rising stars who help bring fresh energy to our projects.

Pathfinder Awards nominees are people from across the JavaScript ecosystem who have made significant contributions in key areas for OpenJS, including Education, Standards, and Security. These individuals not only move things forward, they bring people along with them as they go, helping to light the way for all. 

The 2023 JavaScriptLandia Awards recipients are:

Unsung Hero

Richard Lau, Red Hat

Richard has been consistently doing an amazing job taking care of the infrastructure that powers the Node.js project while also contributing to both the TSC and the Release Working Group. His dedication is an inspiration to all collaborators.

Leading by Example

Danielle Adams, AWS

Danielle volunteers her time as a Node.js releaser and TSC member. She is smart, reliable, and always positive in the large undertaking of a Node.js release. She also educates the industry on the Node.js release cycles to better prepare developers around the world, like presenting at NodeConf EU 2022 on The Life and Times of a Node.js Release. Danielle is a champion for underrepresented communities. Last year, she helped lead the Grace Hopper Open Source Day Node.js hackathon, mentoring women and nonbinary developers on their first successful PRs to the Node.js project.

Outstanding Contribution from a New Arrival

Claudio Wunder, HubSpot

Claudio has made significant contributions to the Node.js website and plans to improve the project’s documentation generation to help generate metadata needed for the TypeScript ecosystem. Both of these projects are complex, requiring working with many project members, getting buy-in and doing consistent work. His enthusiasm and determination to move things forward is great to see. Claudio has ramped up and contributed in record time.

Pathfinder Award for Education

Erick Wendel

Erick has done a lot of work to promote Node.js to developers. Erick has done over 115 conference presentations and talks around the world to help developers learn about Node.js. His work ranges from his YouTube video channel that covers advanced JavaScript, to his courses on Node.js Streams, to his recent experiments on building the Node.js runtime from scratch to engage developers in a fun way.

Pathfinder Award for Security

Rafael Gonzaga, NearForm

Rafael has made significant contributions to the Alpha-Omega project jointly with the OpenJS Foundation and the OpenSSF and received very positive feedback on his efforts to improve the Node Security ecosystem. His contributions to reports and blogs have generated great visibility from social media, and he has personally trained and brought engineers into the Security Working Group to build the community towards self sufficiency. 

Pathfinder Award for Standards 

Brian Kardell, Igalia

Brian has been instrumental in bringing web developers into standards throughout his career. He has an abiding interest in bettering the future web. He has been dedicated in the past year to MathML and bringing more features to the web platform.