
Node.js Security Progress Report – Threat Model and Dependency Analysis Improvements

By Blog, Node.js, Node.js Security

August was a big month for improving Node.js security, assisted by the Open Source Security Foundation (OpenSSF) grant to OpenJS. Work continued on the Node.js Threat Model, a new dependency-analysis workflow now sends automatic vulnerability notifications, and Node.js working group members will present on these topics and more at the upcoming Collaborator Summit in early October.

Threat Model

Threat modeling is a structured approach of identifying and prioritizing potential threats to a system, and determining the value that potential mitigations would have in reducing or neutralizing those threats. – OWASP

Work on the Node.js Threat Model continues, with the goal of listing all current threats and their mitigations for each environment in which Node.js is used. The Threat Model document will spell out what will and will not be considered a vulnerability in Node.js, and will serve as a guide for application security teams supporting developers who build on the Node.js platform.

Dependency Analysis

A daily workflow has been created to scan Node.js dependencies for known vulnerabilities. Whenever one is found, an issue is opened and triaged. Node.js now learns of vulnerabilities in its dependencies within a day of their publication, instead of waiting for someone to report them manually.

Check out the repo for the status of CVEs reported against Node.js dependencies.
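As an added illustration (this is not the Node.js project's own workflow or code), here is the matching step such a scan performs: a vendored-dependency inventory is crossed with an advisory feed of affected version ranges, and advisory IDs that already have an issue are filtered out so the daily run does not open duplicates. The inventory, advisory IDs and version numbers are constructed for the example, and the OSV-style introduced/fixed range shape (fixed version exclusive) is an assumption.

```javascript
'use strict';
// Added example, not Node.js project tooling: the matching step of a daily
// dependency vulnerability scan. All inventory and advisory data below is
// constructed for illustration; the range shape (introduced/fixed, fixed
// exclusive, as in OSV) is an assumption.

// Parse "1.1.1q", "v3.0.5" or "2.10.0" into comparable numeric parts. The
// trailing letter used by OpenSSL 1.x patch releases becomes a fourth part.
function parseVersion(v) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)([a-z])?$/.exec(String(v).trim());
  if (!m) throw new Error(`unparseable version: ${v}`);
  const letter = m[4] ? m[4].charCodeAt(0) - 96 : 0; // 'a' -> 1, none -> 0
  return [Number(m[1]), Number(m[2]), Number(m[3]), letter];
}

// Returns -1, 0 or 1 like a comparator.
function compareVersions(a, b) {
  const pa = parseVersion(a);
  const pb = parseVersion(b);
  for (let i = 0; i < 4; i++) {
    if (pa[i] !== pb[i]) return pa[i] < pb[i] ? -1 : 1;
  }
  return 0;
}

// Affected if version >= introduced and version < fixed.
// No "fixed" means no patched release exists yet, so everything from
// "introduced" onward is affected.
function isAffected(version, range) {
  if (range.introduced && compareVersions(version, range.introduced) < 0) return false;
  if (range.fixed && compareVersions(version, range.fixed) >= 0) return false;
  return true;
}

// Cross the vendored-dependency inventory with the advisory feed.
function findVulnerableDeps(inventory, advisories) {
  const findings = [];
  for (const adv of advisories) {
    const version = inventory[adv.package];
    if (version === undefined) continue; // advisory is for something we do not ship
    const hit = adv.ranges.find((r) => isAffected(version, r));
    if (hit) {
      findings.push({ id: adv.id, package: adv.package, version, fixed: hit.fixed || null });
    }
  }
  return findings;
}

// A daily job must be idempotent: an advisory that already has an open issue
// must not get a second one tomorrow.
function newFindings(findings, trackedIds) {
  const tracked = new Set(trackedIds);
  return findings.filter((f) => !tracked.has(f.id));
}

// Constructed sample data: not real advisories, not real Node.js versions.
const SAMPLE_INVENTORY = {
  openssl: '1.1.1q',
  zlib: '1.2.11',
  'c-ares': '1.18.1',
  nghttp2: '1.47.0',
};
const SAMPLE_ADVISORIES = [
  { id: 'EXAMPLE-2022-0001', package: 'openssl', ranges: [{ introduced: '1.1.1', fixed: '1.1.1r' }] },
  { id: 'EXAMPLE-2022-0002', package: 'zlib', ranges: [{ introduced: '1.2.0', fixed: '1.2.12' }] },
  { id: 'EXAMPLE-2022-0003', package: 'c-ares', ranges: [{ introduced: '1.0.0', fixed: '1.17.2' }] },
  { id: 'EXAMPLE-2022-0004', package: 'libuv', ranges: [{ introduced: '1.0.0' }] },
];

// One run of the daily job: returns only the advisories that still need an issue.
function runDailyScan(inventory = SAMPLE_INVENTORY, advisories = SAMPLE_ADVISORIES, trackedIds = []) {
  return newFindings(findVulnerableDeps(inventory, advisories), trackedIds);
}

for (const f of runDailyScan()) {
  const fix = f.fixed ? `fixed in ${f.fixed}` : 'no fix yet';
  console.log(`open issue: ${f.id} affects ${f.package}@${f.version} (${fix})`);
}
```

On the sample data this reports the OpenSSL and zlib entries and stays silent on c-ares (already past the fixed version) and libuv (not in the inventory). The tracked-ID filter is the part a daily job most often gets wrong: without it, every run re-files the same unfixed advisory.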

Meeting Face to Face

Rafael Gonzaga of the Node.js Security Working Group will speak at the OpenJS Foundation Collaborator Summit, held in Dublin, Ireland, October 1-2, 2022, on what’s next for Node.js in diagnostics and security. Come talk about Node.js security with us!

OpenJS Foundation Supports Diversity in Open Source at Grace Hopper Celebration

By Blog, Event

The OpenJS Foundation is a strong proponent of women in open source, and we couldn’t be more excited to support this mission at the Grace Hopper Celebration this year in Orlando. The Grace Hopper Celebration (GHC) is the world’s largest gathering of women technologists, where women from around the world can learn, network, and celebrate their achievements.

Diversity, equity and inclusion are extremely important to both the OpenJS Foundation and the Linux Foundation. We encourage open source participation by people of different backgrounds, nationalities, orientations, and identities to create open source software, hardware, and standards. We believe that diversity in participation produces better technologies. Diverse communities are stronger communities.

For more details on the Linux Foundation’s support of DEI efforts, please see The Linux Foundation Report on Diversity, Equity, and Inclusion in Open Source

Hack with Node.js

We’re thrilled that Node.js has been selected as a featured Open Source Day Hackathon project. On September 16, ahead of the main conference, GHC will host a virtual Open Source Day (OSD), an all-day hackathon where you can work with peers and Node.js mentors. Participants of all skill levels are welcome! We’re excited to see what you contribute.

If you’re not able to attend the Hackathon, we encourage you to still get involved with Node.js and start contributing! More information can be found on GitHub.

Open Source Day Workshop

In addition to the Hackathon, join OpenJS Executive Director Robin Ginn for a workshop on The Open Source Games with John Mark Walker and Brittany Istenes from Fannie Mae, and Gil Yehuda from U.S. Bank. Workshop attendees will participate in a mock open source problem resolution and develop a more nuanced understanding of the level of effort required to sustain open source software communities. It will help participants see how “the falafel gets made” from the perspective of different open source ecosystem stakeholders.

OpenJS at Grace Hopper Celebration

We will be at the conference in Orlando, Florida, from September 20-23. If you are attending in person, make sure to stop by and say hi to our OpenJS representatives, as well as other projects from the Linux Foundation including CNCF, Hyperledger, LF Training, OpenSSF and RISC-V.

We will also be running a promotion for Node.js training during the event. Use code GH22 for a 25% discount on any e-learning course or certification, from September 19 through October 7, 2022.

Additionally, we invite you to join us for our Open Source Happy Hour on September 20 at Café Tu Tu Tango in Orlando. Stop by the Linux Foundation booth to get your free ticket to attend. Space is limited, so stop by early before tickets run out.

Thank you to all of our women-identifying contributors – we hope to see you at Grace Hopper next week!

New Company, New Member: Platformatic Joins the OpenJS Foundation

By Announcement, Blog

Modern and scalable API platform aimed at simplifying back-end development created by two Node.js and Fastify veterans

SAN FRANCISCO – September 12, 2022 – The OpenJS Foundation, providing vendor-neutral support for sustained growth within the open source JavaScript community, is announcing today that Platformatic has joined as a silver member. The OpenJS Foundation is home for critical open source JavaScript projects including Appium, Dojo, Jest, jQuery, Node.js, webpack, and more.

Announced just last week, Platformatic is a startup whose platform aims to remove the friction from backend development. It was founded by OpenJS Foundation Board Director and Fastify creator Matteo Collina and Luca Maraschi, a seasoned executive.

Platformatic will continue to invest in the Node.js and Fastify ecosystems and release new open source tools.

“We are excited to welcome Platformatic as the newest member of the OpenJS Foundation,” said OpenJS Foundation Executive Director, Robin Ginn. “I’m always inspired by the creative collaboration that the founders of Platformatic bring to advance JavaScript development, and know that Platformatic will bring this energy to the foundation.”

“We are pleased to see Platformatic investing in the OpenJS Foundation so early on in their company’s inception,” said OpenJS Foundation Board Chairperson, Todd Moore. “We believe that having a neutral home at the foundation will increase the company’s collaboration and awareness among important developer communities.”

“Platformatic wants to create the best experience for backend developers. Our goal is to remove friction for backend developers, which is ambitious but can be done,” said Matteo Collina, Co-Founder and CTO of Platformatic. “To be clear, I’m not stopping my work maintaining Node.js and Fastify. Platformatic’s roots are in Node.js and Fastify, and as a team, we plan to invest in both the Node.js and Fastify ecosystems even more so by supporting the OpenJS Foundation.”

“Bringing backend developers to the forefront is more important than ever, and supporting the OpenJS Foundation is an important connection to many important developer communities. With the exponential growth of digital experiences and users, the so-called ‘front-end’ has been massively disrupted in the past few years. However, backend development is the missing piece,” said Luca Maraschi, Co-Founder and CEO of Platformatic. “We want to position Platformatic at the intersection of platform engineering challenges and delivery. By creating a foundation of modern APIs, Platformatic is set to remove barriers for delivery.”

Platformatic will soon announce general availability of the platform; follow them on Twitter for the latest updates.

With a mission to help support the sustainable growth of JavaScript by operating as a neutral organization that hosts projects and funds activities, the OpenJS Foundation invites all companies that depend on JavaScript to join as members. If you are an individual and want to get involved, please check out JavaScriptLandia.

OpenJS Resources

To learn more about how you could be a part of the OpenJS Foundation, click here.

The OpenJS Foundation is committed to supporting the healthy growth of the JavaScript ecosystem and web technologies by providing a neutral organization to host and sustain projects, as well as collaboratively fund activities for the benefit of the community at large. The OpenJS Foundation is made up of 35 open source JavaScript projects including Appium, Dojo, jQuery, Node.js, and webpack and is supported by 30 corporate and end-user members, including GoDaddy, Google, IBM, Intel, Joyent, Microsoft and Netflix. These members recognize the interconnected nature of the JavaScript ecosystem and the importance of providing a central home for projects which represent significant shared value. 

About Linux Foundation

Founded in 2000, the Linux Foundation and its projects are supported by more than 3,000 members. The Linux Foundation is the world’s leading home for collaboration on open source software, hardware, standards, and data. Linux Foundation projects are critical to the world’s infrastructure including Linux, Kubernetes, Node.js, ONAP, Hyperledger, RISC-V, and more. The Linux Foundation’s methodology focuses on leveraging best practices and addressing the needs of contributors, users, and solution providers to create sustainable models for open collaboration. For more information, please visit us at linuxfoundation.org.

Capital One Joins OpenJS Foundation

By Announcement, Blog

As a highly-regulated and tech-forward company, Capital One has released more than 25 solutions and made more than 1,500 contributions to 135 different open source projects

SAN FRANCISCO – September 8, 2022 – The OpenJS Foundation, providing vendor-neutral support for sustained growth within the open source JavaScript community, is announcing today that Capital One© has joined as a new silver member. The OpenJS Foundation is home for critical open source JavaScript projects including Appium, Dojo, Jest, jQuery, Node.js, webpack, and more.

“JavaScript is a key technology tool in financial services, and we are excited to work with Capital One as our newest OpenJS Foundation member. We look forward to their leadership in contributing to JavaScript and FinTech, benefiting their customers worldwide and the broader open source community,” said Robin Ginn, OpenJS Foundation Executive Director. “Capital One has been a great collaborator in open source and we welcome the continued technical expertise in helping to move JavaScript and Node.js development forward.”

As a part of its 10-year technology transformation, Capital One made an open source-first commitment to software development and established an Open Source Program Office in 2015. Today, the company relies on the JavaScript/Node.js ecosystem for a significant portion of its software development and delivery for both internal and external facing systems. In an effort to give back to the open source community, Capital One has released more than 25 solutions and made more than 1,500 contributions to approximately 135 different open-source projects.

“Capital One has been utilizing JavaScript and Node.js for years to increase our speed and agility in delivering breakthrough products and experiences for our customers,” said Franz Zemen, VP, Software Engineering at Capital One. “We are proud to join the OpenJS Foundation and collaborate with its members to give back to the open source community by supporting and maintaining the open source software that we all need.”

“Capital One has been a long time proponent of open source technology in financial services,” said Todd Moore, OpenJS Foundation Board Chairperson. “By creating a neutral home for the JavaScript ecosystem, the OpenJS Foundation’s goal is to drive broad adoption and ongoing development of key JavaScript solutions. We know that welcoming Capital One as an OpenJS Foundation member will help build open source tools in FinTech and strengthen the overall JavaScript community.”

OpenJS Resources

To learn more about how you could be a part of the OpenJS Foundation, click here.

OpenJS Node.js Certification Program

OpenJS Latest News and Blogs

OpenJS Slack Workspace 

About Capital One

Capital One Financial Corporation (www.capitalone.com) is a financial holding company whose subsidiaries, which include Capital One, N.A., and Capital One Bank (USA), N.A., had $307.9 billion in deposits and $440.3 billion in total assets as of June 30, 2022. Headquartered in McLean, Virginia, Capital One offers a broad spectrum of financial products and services to consumers, small businesses and commercial clients through a variety of channels. Capital One, N.A. has branches located primarily in New York, Louisiana, Texas, Maryland, Virginia, New Jersey and the District of Columbia. A Fortune 500 company, Capital One trades on the New York Stock Exchange under the symbol “COF” and is included in the S&P 100 index. Visit Capital One About for more information.  

About Linux Foundation

Founded in 2000, the Linux Foundation and its projects are supported by more than 2,950 members. The Linux Foundation is the world’s leading home for collaboration on open source software, hardware, standards, and data. Linux Foundation projects are critical to the world’s infrastructure including Linux, Kubernetes, Node.js, ONAP, Hyperledger, RISC-V, and more. The Linux Foundation’s methodology focuses on leveraging best practices and addressing the needs of contributors, users, and solution providers to create sustainable models for open collaboration. For more information, please visit us at linuxfoundation.org.

From OpenJS World 2022: Cory Doctorow, Science Fiction Author, Activist, and Journalist

By Blog, OpenJS World

Cory Doctorow, Science Fiction Author, Activist, and Journalist, gave a short presentation on technology scaling up, Competitive Compatibility (“ComCom”), and tech laws relevant to open source. Cory began by describing certain practices of big tech firms like Facebook. He went on to discuss problems with certain tech laws and the idea of restoring ComCom, illustrated with a real-world example. Cory closed the presentation with the role of government procurement and invited the audience to check out a couple of resources that can help with such issues.

Full keynote available here: https://www.youtube.com/watch?v=kPlQufpzywc 

Main Sections:

0:00 Introduction

0:50 Technology scaling up

3:51 Interop

5:24 Problems with tech laws 

9:15 Restoring ComCom

11:36 Real-world example

14:51 ComCom and mandates

16:10 Element of government procurement 

17:16 Closing

Main OpenJS Resources: 

Main Site: https://openjsf.org/ 

Blog: https://openjsf.org/blog/ 

Join: https://openjsf.org/about/join/ 

Certification: https://openjsf.org/certification/

Twitter: https://twitter.com/openjsf

LinkedIn: https://www.linkedin.com/company/openjs-foundation/

OpenJS Collaborator Summit – Join us in Dublin + Virtual October 1-2!

By Blog, Event

Join us in Dublin, Ireland, and virtually October 1-2, 2022, for the OpenJS Collaborator Summit! The Collab Summit is a great time to connect with peers from other projects and learn more about what they are doing and how OpenJS Foundation community members can support your work.

What’s in it for you

  • Meet OpenJS project contributors and the Node.js Technical Steering Committee, share feedback, and talk about the future of the projects, including Node.js
  • Dive into and participate in technical discussions
  • Learn how to contribute to the projects and become part of the project team
  • Make friends and get to know the community!

The details

The team has put together a guide on what to expect out of the event here on GitHub. Additionally, you can join the conversation with other folks that are attending here and on our #collabsummit Slack channel. Please note that the event will take place prior to NodeConf EU, a leading Node.js event in Europe being held in Kilkenny, Ireland, October 3-5.

Please visit our Eventbrite to register for free and receive details about attending virtually.

See you there!

OpenJS Open Visualization Collaborator Summit – Join us in Madrid + Virtual September 22-23!

By Blog, Event

Come join the OpenJS Foundation community to discuss the present and future of the leading open source library for geospatial applications. At the Open Visualization Collaborator Summit, we’ll bring together an international audience of geospatial minds to discuss how they are using deck.gl to build apps, foster more contribution, and envisage the future of the leading open source mapping library.

Hear from speakers across the geospatial community from companies like Foursquare, Google, Joby, NVIDIA and more.

Register today

We’ll be hosting the OpenJS Open Visualization Collaborator Summit in Madrid, Spain, at the CARTO offices, as well as virtually. Registration is free and is available via Eventbrite.

See you there!

From OpenJS World 2022: Embracing Open Source to Beat the Great Reshuffle – Joe Sepi, Program Director of Open Technology, IBM

By Blog, OpenJS World

Continuing on in our OpenJS World Keynote Series, we’re highlighting a presentation on Embracing Open Source to Beat the Great Reshuffle from the June conference. To view all of the keynotes and presentations, please visit the OpenJS YouTube Channel.

Joe Sepi, Program Director of Open Technology at IBM, gave a presentation on IBM practices to embrace open source to beat the great reshuffle. Integrating open source at the core makes good sense from a business perspective in a variety of ways. In this keynote, Joe focused on the people part of the benefits, from talent to culture. Empowering employees to be authentically engaged in open source can provide access to an excellent hiring pipeline, help insulate companies against the “great reshuffling,” and bring greater returns on investments.

Full keynote available here: https://www.youtube.com/watch?v=KxQkNVn9niM 

Main Sections

0:00 Introduction

3:14 Open Source at IBM 

4:25 Before Open Source was cool

8:02 Open Source contributions through time

9:08 Closing and thank you!

From OpenJS World 2022: The State of JavaScript Supply Chain Security in 2022 – Feross Aboukhadijeh, Founder & CEO, Socket

By Blog, OpenJS World

Continuing our OpenJS World Keynote Series, we’re highlighting a keynote on The State of JavaScript Supply Chain Security. To view all of the keynotes from the conference, please visit the OpenJS YouTube Channel.

Feross Aboukhadijeh, Founder & CEO of Socket, presented on the current state of software supply chain security in JavaScript at OpenJS World 2022 in June. Software supply chain attacks have exploded since 2021 and are accelerating in 2022. 

In the presentation, Feross gave examples of recent supply chain attacks and the concrete steps we can take as an ecosystem to protect ourselves from this emerging threat. He highlighted specific packages, their security issues, and the warning signs to look for when consuming open source packages. He went on to share tools and systems that can help protect against malware. The presentation closed with a “JavaScript Security Wishlist” and other goals for the community to aim for.

Full keynote available here: https://www.youtube.com/watch?v=PxLEjzi9rXQ 

Main Sections:

0:00 Introduction

1:25 Hacker story share 

6:00 Tip of the iceberg

7:17 Why is it happening now?

11:55 How does a supply chain attack actually work?

17:18 How can you protect your app?

21:14 How quickly should you update?

22:53 Standard dependency checklist 

25:10 What about a package doing something sketchy?

25:26 What about Malware?

30:50 Closing 

A Warm Welcome to our New OpenJS Board Directors

By Announcement, Blog

As of August 2022, we have three new members on the OpenJS Foundation Board of Directors. They are filling positions on the Silver level and Community level. We are excited for them to bring their expertise to the OpenJS Foundation! 

The board sets technical policy, including “mission and vision statements, describing the overarching scope of foundation initiatives, technical vision, and direction.”

How Members Are Chosen

According to our bylaws, each Platinum member is entitled to appoint one Director to the board, and the Platinum Directors are eligible to serve as chairperson and vice-chairperson. Gold and Silver members vote among themselves to select their representatives. The Board also includes community representation, with two Community Directors nominated by the Cross Project Council (CPC) and its chartered committees with staggered elections.

New Silver Board Members

Abigail Cabunoc Mayes, Silver Director, GitHub

Abby leads GitHub’s open source maintainer programs where she works to help maintainers – and the open source ecosystem – thrive. Before joining GitHub, Abby led Mozilla’s open source engagement strategy for MozFest and trustworthy AI. She founded and led Mozilla Open Leaders, a program that has worked with over 600 open projects globally. She is active in the open source ecosystem as a current or past member of a variety of committees and editorial boards including the Journal of Open Source Software, the Mozilla Open Source Support Awards, and SustainOSS.

Paula Paul, Silver Director, NearForm

Paula has a rich career in software engineering, from mainframe product development at IBM to championing innovative open source and developer experience efforts in her current role as a Field CTO with NearForm. She is a distinguished engineer, author, speaker, angel investor, and mentor who is passionate about diversity and inclusion in engineering. Paula also serves on the Grace Hopper Open Source Day committee for AnitaB.org.

New CPC Board Director

Matteo Collina, CPC Board Director

Matteo is a prolific Open Source author in the JavaScript ecosystem, and the modules he maintains are downloaded more than 60 billion times a year. Previously he was Chief Software Architect at NearForm. In 2014, he defended his Ph.D. thesis titled “Application Platforms for the Internet of Things”. Matteo is a member of the Node.js Technical Steering Committee, focusing on streams, diagnostics and http. He is also the author of the fast logger Pino and the Fastify web framework. Matteo is a renowned international speaker, having presented at more than 60 conferences, including OpenJS World, Node.js Interactive, NodeConf.eu, NodeSummit, JSConf.Asia, WebRebels, and JsDay. He is also co-author of the book “Node.js Cookbook, Third Edition”, published by Packt. In the summer he loves sailing the Sirocco.