Skip to main content
Category

Node.js

Node.js Security Progress Report – Threat Model and Dependency Analysis Improvements

By Blog, Node.js

August was a big month for improving Node.js security, assisted by the Open Source Security Foundation (OpenSSF) grant to OpenJS. There was work on the Node.js Threat Model, Dependency Analysis that created new automatic notifications, and there will be Node.js Working Group presentations on these topics and more at the upcoming Collaborator Summit in early October.

Threat Model

Threat modeling is a structured approach of identifying and prioritizing potential threats to a system, and determining the value that potential mitigations would have in reducing or neutralizing those threats. – OWASP

Work on the Node.js Threat Model continues with  the goal of listing all the current threats and their mitigation for each environment using Node.js. The Threat Model document will provide context on what will or will not be considered a vulnerability in Node.js, and will serve as a guide for application security operations in support of development teams building on top of the Node.js platform.

Dependency Analysis

A daily workflow has been created to scan Node.js dependencies and look for vulnerabilities. Whenever a vulnerability is found, an issue is created and assessed. Node.js now gets vulnerability reports about dependencies once per day as soon as vulnerabilities are identified, instead of waiting for manual reporting. 

Check out the repo for the status CVEs reported against Node.js dependencies.

Meeting Face to Face

Rafael Gonzaga from the Node.js Security Working Group will be presenting at the OpenJS Foundation Collaborator Summit, held in Dublin, Ireland, Oct 1-2, 2022. He will be presenting on what’s next for Node.js in Diagnostics and Security. Come talk about Node.js security with us!

Node.js Security Progress Report – Permission System Gets Its First Pull Request

By Blog, Node.js

July was a busy month for improving Node.js security, with reinforcements from the Open Source Security Foundation (OpenSSF) grant to OpenJS! There was the first pull request for the Permission System, a Node.js Security Release, and a new OpenSSL Security Release which meant updates to Node.js v18, v16, and v14, and triaging and fixing HackerOne reports (5 total).

Permission System

Node.js is building a security Permission System to avoid third-party libraries accessing machine resources without user consent. The Permission System got its first pull request in July! The pull request is 1,200 lines and includes the foundation of the Permission Model. There has been good feedback from the community, and the pull request has been shared publicly. This is the starting point; plenty of review and discussion is expected. 

OpenSSL Update

OpenSSL released a major security update on July 5. Node.js responded with our OpenSSL Security Release Assessment, which stated that the OpenSSL release affects Node.js v18, v16, and v14, with one moderate vulnerability on Windows 32-Bit x86. Our Node.js Security Releases were made available on July 7, covering 7 fixes. (A normal update level is 2-3 fixes.) 

It is best practice to have a revert flag for security updates that can include breaking changes. This is for installations that need a temporary work around. For v16 and v14, we had implemented the fixes without the revert flag (–openssl-shared-config) but are working for it to be available in the next Node.js release. 

Node.js tracks OpenSSL releases closely. The document Maintaining OpenSSL shows how we check requirements, extract new OpenSSL sources, and commit them.

Triaging and Fixing

Node.js analyzes and solves reports on HackerOne. The team triages Node.js issues and fixes security vulnerabilities. HackerOne access is required. For security reasons, reports are not disclosed until getting a CVE designation.

Join us!

Node.js is a critical community-led project where we need more people to contribute. If you are interested in lending your security expertise, we would like your participation. Our Security Working Group meets on Thursdays. You can download the calendar info from here: Node.js Project Calendar and find issues for meetings in this repo: nodejs/security-wg.

Progress Report – Strengthening Node.js Security

By Blog, Node.js, Project Update

In April this year, the OpenJS Foundation announced the Open Source Security Foundation (OpenSSF) had selected Node.js as their initial project to help improve supply chain security. As part of OpenSSF’s Alpha-Omega Project, $300k was committed to bolster the Node.js security team and vulnerability remediation efforts through the rest of 2022. The focus is on supporting better open source security standards and practices. The Alpha-Omega repo for Node.js is here.

Since the announcement, OpenJS has quickly onboarded new OpenSSF security support resources who hit the ground running. Better plans and processes have already started to be built out and are already having an impact.

For example, security processes are being improved through a Security Model that is being discussed in the Security Working Group. The structure has been defined and they are currently working to document assumptions from the Node.js runtime. 

The community is creating a new Threat Model that provides context on what will and will not be considered a vulnerability in Node.js, which will particularly help inform security researchers. It includes all the current threats and their mitigation for each environment using Node.js. Note: This may change over releases.

The community also added vulnerability checking for Node.js dependencies. This is a new script that queries vulnerability databases in order to find if any of Node.js’ dependencies are vulnerable. It runs as part of the continuous integration workflow, and if any new vulnerabilities are found, it automatically opens an issue tagging Node.js’ maintainers and Security Working Group members.

Additionally, the Node.js team fixed the first OpenSSF Project Omega CVE as part of the Node.js July 7, 2022, security release.

Organization

Day-to-day security is run through the triage team who look at HackerOne reports to fix issues and handles the ongoing OpenSSL reports and updates. The turnaround time on fixes has been tightened from about one week to under two days. 

The Security Working Group, which has a broader mandate to look at the future of Node.js security, has been reactivated, meeting every two weeks.

Join us!

Node.js is a critical community-led project where we need more people to contribute. If you are interested in lending your security expertise, we would like your participation. Our Security Working Group meets on Thursdays. You can download the calendar info from here: Node.js Project Calendar.

Using AbortSignal in Node.js

By Blog, Node.js, tutorial

By: James Snell, originally published on Nearform July 22, 2021

Foreword by: David Mark Clements

Dave Clements is an open source advocate and is the tech lead and primary author of OpenJS Foundation Node.js training and certification programs. And a big thank you to Nearform and James Snell for allowing the OpenJS Foundation to repost this article.

Foreword

The OpenJS Node Application Developer certification is an evergreen program that stays up to date
with advancements in the JavaScript specification, Node.js core, industry trends, and best practices
not only to ensure that the examination and training stay relevant but also to help disseminate
important information for the Node & JavaScript community.

With that in mind, the following article by James Snell is republished with permission from
James and NearForm where the article was first published. We strongly recommend anyone thinking
of taking the JSNAD certification read this article and consider the implications. We hope you
enjoy it!

The AbortController and AbortSignal APIs are quickly becoming the standard mechanism for canceling asynchronous operations in the Node.js core API.

If you search how to use the Promise.race() API, you’ll come across quite a few variations of the following:

The intent here is straightforward: Start a potentially long-running task but trigger a timeout if that task takes too long to complete. This is generally a good idea, but there are quite a few problems with this common example.

First, although the promise returned by Promise.race() will be fulfilled as soon as the first of the given promises is settled, the other promises are not cancelled and will keep on running. Although the timeout timer did fire, the long-running task is never actually interrupted and stopped.

Second, what happens to the timeout promise if the long-running task completes before the timeout is triggered? The answer is simple: The timer keeps running, and the promise will end up rejecting, still with an unhandled rejection — unnecessarily risking performance issues and possible memory leaks in your application.

To correctly handle this pattern, we need a reliable mechanism for signalling across the two promises, canceling either the timer or the long-running task as appropriate and ensuring that once the timeout is triggered all resources are cleaned up as quickly as possible. Fortunately, Web Platform APIs provide a standard mechanism for this kind of signalling — the AbortController and AbortSignal APIs.

In Node.js, a better way if implementing a Promise.race-based timeout would be:

As with the previous example, two promises are created. However, when each completes, it uses the AbortController and AbortSignal APIs to explicitly signal to the other that it should stop. As long as the code in those is written to support the AbortSignal API, everything just works.

For instance, in the example we make use of the recently added awaitable timers API in Node.js. These are variants of the setTimeout() and setInterval() that return promises.

The awaitable timer API supports the ability to pass in an AbortSignal instance. When the AbortSignal is triggered, the timer is cleared and the promise immediately rejects with an AbortError.

Support for AbortController and AbortSignal is being rolled out across the Node.js core API and can now be found in most of the major subsystems. Before we explore where the API can be used, let’s find out a bit more about the API itself.

All about AbortController and AbortSignal

The AbortController interface is simple. It exposes just two important things — a signal property whose value is an AbortSignal and an abort() method that triggers that AbortSignal.

The AbortSignal itself is really nothing more than an EventTarget with a single type of event that it emits — the ‘abort’ event. One additional boolean aborted property is true if the AbortSignal has already been triggered:

The AbortSignal can only be triggered once.

Notice that when I added the event listener in the example above, I included the { once: true } option. This ensures that the event listener is removed from the AbortSignal as soon as the abort event is triggered, preventing a possible memory leak.

Note that it’s even possible to pass an AbortSignal onto the addEventListener() itself, causing the event listener to be removed if that AbortSignal is triggered.

This starts to get a bit complicated too, but it’s important for preventing memory leaks when coordinating the cancellation of multiple complex tasks. We’ll see an example of how this all comes together next.

Implementing API support for AbortSignal

The AbortController API is used to signal that an operation should be cancelled. The AbortSignal API is used to receive notification of those signals. They always come in pairs.

The idiomatic way of enabling a function (like the someLongRunningTask() function in our examples above) to support this pattern is to pass a reference to the AbortSignal in as part of an options object:

Within this function, you should immediately check to see if the signal has already been triggered and, if it has, immediately abort the operation.

Next, it’s important to set up the handling of the ‘abort’ event before starting to process the task:

Notice here that we are creating an additional AbortController instance whose signal is passed in with the event listener. After we’ve completed the asynchronous task, we trigger that AbortController to let the AbortSignal know that the event handler can be removed. We want to make sure that the listener is cleaned up even if the async task fails, so we wrap the call to taskDone.abort() in a finally block.

It is also important to check if the signal has been triggered between various async tasks the method may be performing. This is important to catch cases where the event may not yet have had an opportunity to be emitted but the operation should still be interrupted.

Using AbortController and AbortSignal

The AbortController and AbortSignal APIs are quickly becoming the standard mechanism for canceling asynchronous operations in the Node.js core API.
For example, as of node.js 15.3.0, it is possible to cancel an HTTP request using the API:

Consult the Node.js documentation for more details on exactly which APIs support AbortSignal. More are being added all the time and support may vary across different Node.js major versions.

Node.js 18 Released With Improved Security, Fetch API, and Next-10 Strategic Initiatives

By Blog, Node.js, Project Update

Node.js 18 is available now! It adds multiple key features of enterprise and small- to medium-sized enterprises including increased security support, the Fetch API, and it is part of delivering on the larger Next-10 strategic initiative within Node.js that is pushing forward key priorities including modernizing HTTP and keeping Node.js on the forefront of web development. 

As part of increased security support, Node.js has been announced as the first pilot open source community to be supported by OpenSSF’s Alpha-Omega Project. Alpha-Omega is committing $300k to bolster the Node.js security team and vulnerability remediation efforts through the rest of 2022, with a focus on supporting better open source security standards and practices.

“The Node.js team continues to do fantastic work. The open governance structure for Node.js has led to tangible improvements in security and forward-thinking planning, and the main features of Node.js 18 will be highly valuable to enterprises of all sizes,” said Robin Ginn, OpenJS Foundation executive director. “Whether you’re a new user or already have Node.js broadly implemented, now’s a good time to install and test Node.js 18.”

Following its long-established release schedule, Node.js 18 is a Current release, which means it’s the right time for testing by enterprises, before being suitable for production usage when it is promoted to long-term support (LTS) in October 2022.

“The Node.js project contributors and collaborators continue to do an excellent job, and I want to thank them all. We continue to improve and grow, and I believe Node.js is a real open source success story,” said Bethany Griggs, Node.js Technical Steering Committee member, and Senior Software Engineer at Red Hat. “As always, current releases, like Node.js 18, are the perfect time to test in your own unique development environment. If you’re a Node.js user, please try out Node.js 18 and give us feedback. Your feedback directly contributes to our ability to move new features into stable releases more quickly.” 

For comprehensive information on specific Node.js features, see the Node.js team release announcement written by the Node.js project contributors: LINK

There are three key reasons to evaluate and upgrade to Node.js 18: Security, APIs, Future Planning.

Security

This is the first version that will be later promoted to LTS with OpenSSL 3.0. OpenSSL 3.0 is a major new stable version of the popular and widely used cryptography library. OpenSSL contains an open-source implementation of the SSL and TLS protocols, which provide the ability to secure communications across networks. Among other key features, OpenSSL 3.0 contains a FIPS Module that has been submitted for validation. The Federal Information Processing Standards (FIPS) are a set of requirements enforced by the US government which govern cryptographic usage in the public sector. This is a key step forward in the cryptographic support in Node.js.

The Node.js project follows a well planned security release process, with regular outbound communications and more. In the last year, Node.js has formalized rotations around security. The commitment to take slots in the security release steward rotation is made by companies in order to ensure individuals who act as security stewards have the support and recognition from their employer to be able to prioritize security releases. 

APIs

Node.js 18 is adding even tighter synergy between front-end and back-end APIs. One of the key premises of Node.js is that JavaScript skills can be applied to the back-end. With Node.js 18, Fetch is globally available by default. The Fetch API provides an interface for fetching resources including across networks. It will seem familiar to anyone who has used XMLHttpRequest, but the new API provides a more powerful and flexible feature set.

“Node.js 18 will enable the Fetch API as a default. It’s been available since Node.js 17, but this moves forward Node.js application development, and it’s exciting to be a part of the process of improving Node.js in key fundamental areas,” said Michaël Zasso, Scientific research software engineer and co-founder at Zakodium, member of the Node.js Technical Steering Committee. “I would like to thank multiple team members and contributors, and in particular I would like to thank users who push us and support us. Thank you!”

XMLHttpRequest has been used by web developers enabling ajax and a whole new kind of interactive exposure. However, it has been slowly succeeded by Fetch API. Fetch API is Promise based, providing a cleaner and more concise syntax.

Future Planning

The Next-10 effort has elevated technical priorities which have led to discussions around modernizing http. The purpose of the Next-10 project is to work collaboratively on the strategic directions for the next 10 years of Node.js. Fetch API is one direct result of this process. The full Next-10 repository is available here: https://github.com/nodejs/next-10 

Node.js Training and Certification

The OpenJS Node.js Services Developer (JSNSD) and OpenJS Node.js Application Developer (JSNAD) certifications are available now. Node.js training courses are available to help you prepare for the exams: Node.js Application Development (LFW211) and the Node.js Services Development (LFW212). Discounts are available to members!

OpenJS Resources

Click here to learn more about how you could be a part of the OpenJS Foundation, and view these additional resources:

About OpenJS Foundation

The OpenJS Foundation is committed to supporting the healthy growth of the JavaScript ecosystem and web technologies by providing a neutral organization to host and sustain projects and collaboratively fund activities for the benefit of the community at large. The OpenJS Foundation is currently home to 39 open source JavaScript projects, including Appium, Dojo, Electron, jQuery, Node.js, and webpack. It is supported by 30 corporate and end-user members, including GoDaddy, Google, IBM, Intel, Joyent, Microsoft, and Netflix. These members recognize the interconnected nature of the JavaScript ecosystem and the importance of providing a central home for projects which represent significant shared value. 

About Linux Foundation
Founded in 2000, the Linux Foundation is supported by more than 1000 members and is the world’s leading home for collaboration on open source software, open standards, and open hardware. Linux Foundation projects like Linux, Kubernetes, Node.js, and more are considered critical to developing the world’s most important infrastructure. Its development methodology leverages established best practices and addresses the needs of contributors, users, and solution providers to create sustainable models for open collaboration. For more information, please visit their website.

Open Source Security Foundation (OpenSSF) Selects Node.js as Initial Project to Improve Supply Chain Security

By Announcement, Blog, Node.js, Uncategorized

From: Brian Behlendorf, OpenSSF Foundation, and Robin Bender Ginn, OpenJS Foundation

Today, we’re excited to announce that Node.js is the first open source community to be supported by OpenSSF’s Alpha-Omega Project. Alpha-Omega is committing $300k to bolster the Node.js security team and vulnerability remediation efforts through the rest of 2022, with a focus on supporting better open source security standards and practices.

The open source software project Node.js is everywhere, and people put a lot of trust into the products and services that are built with Node.js, from NASA to Netflix. But many community-led JavaScript projects lack the time, people, and expertise for comprehensive security measures. Few companies that depend on Node.js contribute back to the project. Our hope is this can inspire more organizations that depend upon Node.js to also participate in its security efforts.

This assistance will relieve the pressure on Node.js project maintainers who are strained by market demands for new features while striving for a stable and secure codebase. Specifically, this will bring in security engineering resources from NearForm and Trail of Bits to support the Node.js Technical Steering Committee, help triage reports, steward security releases, improve security broadly for Node.js, and encourage implementing best practices in JavaScript projects across the industry.

Node.js carries a high criticality score for its influence and importance based on parameters established by industry security experts at OpenSSF. Almost 98% of the world’s 1.9 billion websites use JavaScript, the top programming language according to research by RedMonk and GitHub. Node.js – server-side JavaScript – was downloaded over 2 billion times in 2021. It’s pervasive across the industry, used in a significant portion of modern applications.

Both of us (Robin and Brian) are excited about this collaboration and the prospect of setting an example for both the OpenSSF and OpenJS communities.

Node.js Trademarks Transferred to OpenJS Foundation

By Blog, Node.js

OpenJS Foundation had previously been granted free, perpetual license to use Node.js trademarks and logo for the past 6 years

SAN FRANCISCO – February 14, 2022 – The OpenJS Foundation, providing vendor-neutral support for sustained growth within the open source JavaScript community, is announcing acquisition of ownership of the Node.js logo trademarks. 

Effective immediately, the OpenJS Foundation will take on the ongoing management and maintenance of the Node.js trademarks. The ownership and stewardship of the Node.js trademarks has moved from Joyent to the OpenJS Foundation. The rules governing usage of the Node.js trademarks will now be consistent with all of the other OpenJS Foundation projects’ trademarks. For contributors, nothing will change. 

Node.js is an Impact Project hosted at the OpenJS Foundation. For the past six years, Joyent has granted the OpenJS Foundation (and the Node.js Foundation prior) a perpetual, free license to use the “Node.js” trademarks, including the Node.js hexagon graphic.

The Node.js Technical Steering Committee (TSC) responded to the news, “It’s great to see the Node.js trademarks move over to the OpenJS Foundation. It’s been a hope since the formation of the Foundation and we’re happy to see it become a reality. One of the advantages of Node.js being a project at the OpenJS Foundation is legal support including the management of things like trademarks to help protect the work of the broad range of collaborators.”

Trademarks are important to the protection and adoption of an open source project because they identify a specific source of the code. Our goal is to ensure that the OpenJS trademark policy is as flexible and easy to understand as legally possible, while assuring the quality of products or services using Node.js or other OpenJS projects’ brands

“The responsible stewardship of the Node.js project over the past decade has led to critical, widespread adoption. This stewardship and positive collaboration between Joyent and originally the Node.js Foundation, now the OpenJS Foundation, has helped overcome differences among the contributors and the code base,” said Robin Ginn, OpenJS Foundation Executive Director. “Joyent can confidently contribute its trademarks to the OpenJS Foundation as a place of stability and industry-wide collaboration.” 

“Joyent has long believed in the power of open source to create opportunities for developers and businesses, and it’s gratifying to see how Node.js underpins the economic growth for so many,” said Sung Whan Moon, President & COO, Joyent. “The OpenJS Foundation is the right place to house ownership of the Node.js trademarks. As Node.js moves into its second decade, having the trademarks in a neutral home, but with the ability to enact trademark restrictions if needed, fully ensures the integrity of the project.”

Node.js is a healthy community supported extensively by companies that have increased the scale and commercial adoption of this project, including Bloomberg, NASA, Netflix, and many more. Node.js just shipped Node.js 17 and moved Node.js 16 to Long Term Support (LTS).

“The OpenJS Foundation will make a good home for the Node.js trademarks. Joyent is a long-standing member of the OpenJS Foundation, and developers can continue to rely on Node.js and build high quality solutions and products,” said Sean Johnson, Head of Commercial Group, Joyent, and OpenJS Board Platinum Director. “The outlook for Node.js adoption is brighter than ever.”

“A big thank you to OpenJS Foundation member Joyent. They are an important community member of the Node.js ecosystem and have assisted in the stewardship of the Node.js trademarks for the past decade. This is a good progression forward, and bodes well for the next decade of Node.js development,” said Todd Moore, VP of Open Technology and Developer Advocacy at IBM, and OpenJS Foundation Board Chairperson. “The OpenJS Foundation is positioned well to pursue its mission of driving the broad adoption of JavaScript technologies and ongoing development of key Node.js solutions and related technologies.”

Work is well underway on the future of Node.js at the OpenJS Foundation, and Node.js continues to grow. The OpenJS Foundation staff and Cross Project Council (CPC) community technical leaders are working on security and diversity efforts and much more. The Node.js maintainers are working collaboratively on the strategic directions for Node.js over the coming decade. If you want to join this effort please see Node.js next-10 and join one of the projects teams or working groups.

OpenJS Resources

To learn more about how you could be a part of the OpenJS Foundation, click here.

About OpenJS Foundation

The OpenJS Foundation is committed to supporting the healthy growth of the JavaScript ecosystem and web technologies by providing a neutral organization to host and sustain projects, as well as collaboratively fund activities for the benefit of the community at large. The OpenJS Foundation is made up of 38 open source JavaScript projects including Appium, Dojo, jQuery, Node.js, and webpack and is supported by 30 corporate and end-user members, including GoDaddy, Google, IBM, Intel, Joyent, and Microsoft. These members recognize the interconnected nature of the JavaScript ecosystem and the importance of providing a central home for projects which represent significant shared value. 

About Linux Foundation

Founded in 2000, the Linux Foundation is supported by more than 1000 members and is the world’s leading home for collaboration on open source software, open standards, and open hardware. Linux Foundation projects like Linux, Kubernetes, Node.js and more are considered critical to the development of the world’s most important infrastructure. Its development methodology leverages established best practices and addresses the needs of contributors, users and solution providers to create sustainable models for open collaboration. For more information, please visit their website.

Media Contact

Jesse Casman

Story Changes Culture

jesse@storychangesculture.com

415-730-2793

Latest Node.js Savings End February 11, 2022

By Blog, Certification and Training, Node.js

It’s always a great time to invest in training or certification for you or your engineering team. The OpenJS Foundation, in partnership with the Linux Foundation, will be discounting all Node.js Certifications and Trainings up to 60% through Friday, February 11, 2022. Some of the world’s leading tech companies use the Node.js runtime in production and prefer to hire developers who are experienced with Node.js. The OpenJS Certification and Training program serves to help developers in their professional development goals.

Discounts Up to 60% with Code: NODE222 

OpenJS Node.js Services Developer Certification Exam (JSNSD) $375 $150

OpenJS Node.js Application Developer Certification Exam (JSNAD) $375 $150

Node.js Services Development Online Course + JSNSD Exam Bundle $575 $230

Node.js Application Development Online Course + JSNAD Exam Bundle $575 $230

POWER Bundle – JSNSD Course & Exam Bundle AND JSNAD Course and Exam Bundle $1150 $460

What’s included with certifications?

  • 12 month exam eligibility    
  • Free exam retake
  • Digital badge and PDF certificate upon passing

What’s included in online trainings?

  • Hands-on labs & assignments
  • Video content
  • 12 months of access to online courses
  • Discussion forums
  • Digital badge and PDF certificate upon completion

Certifications

Certifications are excellent ways to validate your own development skills to yourself, employers, and the world. 

OpenJS Node.js Application Developer (JSNAD)
The OpenJS Node.js Application Developer certification is ideal for the Node.js developer with at least two years of experience working with Node.js. For more information and how to enroll: https://training.linuxfoundation.org/certification/jsnad/

OpenJS Node.js Services Developer (JSNSD)
The OpenJS Node.js Services Developer certification is for the Node.js developer with at least two years of experience creating RESTful servers and services with Node.js. For more information and how to enroll: https://training.linuxfoundation.org/certification/jsnsd/

Training Offerings

Feel confident in taking your exams with the Node.js Training courses. These courses help prepare developers for the Node.js certification exams. 

Node.js Application Development (LFW211)
This course provides core skills for effectively harnessing a broad range of Node.js capabilities at depth, equipping you with rigorous skills and knowledge to build any kind of Node.js application or library. While by design the training content covers everything but HTTP and web frameworks, the crucial fundamentals presented prepares the student to work with web applications along with all types of Node.js applications.

Node.js Services Development (LFW212)
This course provides a deep dive into Node core HTTP clients and servers, web servers, RESTful services and web security essentials. With a major focus on Node.js services and security, this content is an essential counterpart to the Node.js Application Development (LFW211) course, and will prepare you for the OpenJS Node.js Services Developer (JSNSD) exam.

If you’d like to pursue Node.js Certifications and Trainings and this sounds like something you’d like to know more about, check out more information at this link.

Node.js in an Impact Project of the OpenJS Foundation.

Test your skills! How good are you with Node.js?

By Blog, Certification and Training, Node.js

Lock in Best Pricing of the Year Available for One Week Only! Steep Discounts on OpenJS Foundation Node.js Training & Certification for Cyber Monday

Want to know where you stand with Node.js? Having a vendor-neutral Node.js certification badge from the OpenJS Foundation on your profile is an easy way for peers and managers to know that your knowledge has been fully tested. 

Cyber Monday offers the best discounts of the year on OpenJS Foundation Node.js Training & Certification. Available for one week only!

Job openings are at record highs, and Node.js developers are in high demand. The 2021 Open Source Jobs Report found that 92% of hiring managers are unable to find enough talent to meet their organizations’ needs. If you know Node.js, you can stand out through the OpenJS Node.js Training and Certification. 

An important goal of the OpenJS Foundation is helping close the talent gap so the industry has the talent necessary to build their business, while also creating accessible pathways for anyone who wants to build their career with JavaScript and related technologies.

We are excited to offer our best pricing of the year on our Node.js training courses, certification exams, and bundled programs, for Cyber Monday. From now through December 6, 2021, all these fantastic offerings are available at significantly reduced cost. Through our partnership with the Linux Foundation, we’re providing vendor-neutral training directly from the experts helping build these projects.

This year’s Cyber Monday offers include:

PowerBundle (Save 65%. Use Code: CYBER21PB)

Pricing:  Pricing is $1150 $399

  • PowerBundle
    • Linux Foundation Node.js Application Development Training (LFW211) + 
    • OpenJS Foundation Node.js Application Development Certification Exam (JSNAD) + 
    • Linux Foundation Node.js Services Development Training (LFW212) + 
    • OpenJS Foundation Node.js Services Development Certification Exam (JSNSD)

Bundles (Save 65%. Use Code: CYBER21BUN)

Pricing:  Pricing is $575 $199

  • Bundle
    • Linux Foundation Node.js Application Development Training (LFW211) + 
    • OpenJS Foundation Node.js Application Development Certification 
  • Bundle
    • Linux Foundation Node.js Services Development Training (LFW212) + 
    • OpenJS Foundation Node.js Services Development Certification Exam (JSNSD)

Certifications (Save 50%. Use Code: CYBER21CC)

Pricing: Pricing is $375 $187.50

View the certification catalog from the Linux Foundation Training and check out the Node.js certifications under the Web and Application Certification section.

You can check out the full details of everything that is on offer on our Cyber Monday Landing Page. Take advantage of the incredible discounts!

Hear from developers who earned the Node.js certification badge on how this program helped increase their confidence and further their careers. 

Prosper Opara, Junior Fullstack Engineer at Deimos Cloud in Nigeria, recently shared his experience with the Node.js Certification. Prosper said the certification greatly helped improve his confidence in his skills as a Node.js developer, and his team members trust him more with Node.js related projects because he’s certified.
Juan Picado, a Senior Front-End Engineer at Adevinta in Berlin gave details about passing the certification exam. He described how it helped him dive more into the specifics of Node.js, and the professional benefits of this vendor-neutral test.

OpenJS Node.js Certification Version Update: Node.js 14 to Node.js 16

By Blog, Certification, Certification and Training, Node.js

The OpenJS Node.js certification exam has been updated with new content today to reflect the latest current, long-term support (LTS) version of Node.js 16, which was released two weeks ago. The certification is ideal for the intermediate Node.js developer looking to establish their credibility and value in their career.

The testing content broadly covers competence with Node.js to create applications of any kind, with a focus on knowledge of Node.js core API’s.

The exams have been updated based on an evaluation of all recent additions to Node.js core APIs, the evolution of the Node.js ecosystem, and continual tracking of industry standards. As a result, candidates will see a few exam questions have been either removed and added within relevant topic areas without increasing exam duration.

To help prepare for the Node.js Certification exams, the Linux Foundation offers training courses for both the Applications and Services exams. The training courses were authored by David Mark Clements, a principal architect, public speaker, author of the Node Cookbook, and open source creator specializing in Node.js and browser JavaScript.

These exams are evergreen and soon after Node.js updates its LTS version line, the certifications are updated to stay in lockstep with that LTS version. Now that Node.js 14 has moved into maintenance, certifications will be based on Node.js 16.

To see what’s new in Node.js 16, check out the Node.js blog by Bethany Griggs, with additional contributions from the Node.js Technical Steering Committee. 

The OpenJS Node.js Certification program was developed over time with community input, and launched two years ago in partnership with NearForm and NodeSource. 

Discounts from 10% – 50% are available for all the OpenJS Node.js trainings and certifications for members of the OpenJS Foundation and supporters of its JavaScriptLandia program. Corporate subscriptions are also available for full access to the Linux Foundation Training and Certification programs.