From: Brian Behlendorf, OpenSSF Foundation, and Robin Bender Ginn, OpenJS Foundation
Today, we’re excited to announce that Node.js is the first open source community to be supported by OpenSSF’s Alpha-Omega Project. Alpha-Omega is committing $300k to bolster the Node.js security team and vulnerability remediation efforts through the rest of 2022, with a focus on supporting better open source security standards and practices.
The open source software project Node.js is everywhere, and people put a lot of trust into the products and services that are built with Node.js, from NASA to Netflix. But many community-led JavaScript projects lack the time, people, and expertise for comprehensive security measures. Few companies that depend on Node.js contribute back to the project. Our hope is this can inspire more organizations that depend upon Node.js to also participate in its security efforts.
This assistance will relieve the pressure on Node.js project maintainers who are strained by market demands for new features while striving for a stable and secure codebase. Specifically, this will bring in security engineering resources from NearForm and Trail of Bits to support the Node.js Technical Steering Committee, help triage reports, steward security releases, improve security broadly for Node.js, and encourage implementing best practices in JavaScript projects across the industry.
Node.js carries a high criticality score for its influence and importance based on parameters established by industry security experts at OpenSSF. Almost 98% of the world’s 1.9 billion websites use JavaScript, the top programming language according to research by RedMonk and GitHub. Node.js – server-side JavaScript – was downloaded over 2 billion times in 2021. It’s pervasive across the industry, used in a significant portion of modern applications.
Both of us (Robin and Brian) are excited about this collaboration and the prospect of setting an example for both the OpenSSF and OpenJS communities.
OpenJS recently spoke with Yavor Georgiev, Co-Founder and Head of Product at Fusebit, to learn more about how his product leverages Node.js and other benefits of the open source ecosystem. Fusebit prides itself on being a “developer-first” product that takes the pain out of implementing SaaS integrations. Yavor and one of his co-founders at Fusebit had previously worked at Microsoft, specifically on bringing support for Node.js to the Azure Cloud.
We learned that the Fusebit product team strongly believes in and supports the Node.js ecosystem. The entire Fusebit service is based on a “JavaScript developer experience with Node.js and npm”, which delivers a best-in-class experience for their customers.
Programming Model Based on Node.js
The Fusebit service exposes a programming model based on Node.js, allowing any developer to create an integration. That’s key for a couple of reasons. First, since there’s already a massive community of developers familiar with Node.js and JavaScript, developers don’t have to learn anything new and can use their existing processes and DevOps techniques. Another key benefit to having their model based on Node.js is that due to the size of the npm ecosystem, there’s a module for virtually everything. One of the benefits of open source is that developers don’t have to write and implement everything from scratch. In this case, they can grab a module from npm and speed up their productivity.
Security
We touched on the issue of security. Two of the co-founders of Fusebit were previously employees at Microsoft and later at Auth0, an identity and access management platform on which Fusebit’s security is based. Were it not for Node.js and companies like Auth0 being invested in securing the open source ecosystem, the Fusebit product itself wouldn’t be where it is today. They also leverage modules from npm where developers constantly update code and patch vulnerabilities.
Stripe for SaaS Integrations
The Fusebit service is like “Stripe for SaaS integrations.” So if you’re a developer working on a SaaS application and you need integrations to third-party SaaS products like Slack or JIRA, Fusebit provides the integrations in a turnkey way. Based on Node.js, there’s an infinite ability to customize solutions. As a result, Fusebit achieves a great problem-solution fit for their customers, unlike some low-code and no-code solutions. Another reason their product is focused on a developer audience is that data fidelity is essential when connecting business software to something like Salesforce or other SaaS products. Someone has to have the right technical mindset to create that type of integration.
Open Source Contributions
The Fusebit team is also a proud contributor to open source development. Most of their source code is available on GitHub, so customers can go in and fork features, SaaS connectors, etc., and make them their own. We talked about everynode, a new project that Fusebit recently contributed to the open source ecosystem that lets developers run any version of Node.js, including the most recent builds, on AWS Lambda. Lambda sometimes doesn’t have the latest versions available. The Fusebit team initially built it internally for integrations that required newer versions of Node.js and needed to run on AWS.
The Fusebit team routinely takes pieces of the Fusebit service and makes them available to the public, whether it’s npm packages, repositories, or other content. The team also contributes by filing issues and contributing fixes to OSS projects and Node.js itself when needed. On making parts of their code public, Yavor commented, “You know, selfishly, it’s actually better for more developers to be familiar with it instead of keeping it secret. The more people are familiar with aspects of Fusebit that we’ve made open source, the better for us.”
JavaScript FTW!
With so many other programming languages out there, Yavor believes JavaScript is still in the lead for many reasons. It’s amazingly versatile, giving devs the ability to build end-to-end solutions. The language itself continues to evolve, and there are some remarkable initiatives around the standardization of the module spec, for example. Now you can write a module and use it pretty much anywhere JavaScript runs, whether it’s Node.js or in a browser. This continuous innovation supports the JavaScript language and the community and encourages people to continue learning JavaScript.
Fusebit thanks the Node.js community and everybody who’s contributing unpaid hours to make Node.js and the package ecosystem great. According to Yavor, the Node.js community has been a tremendous help to their product. They also give back to our community by hiring folks with Node.js in their skillset.
We at the OpenJS Foundation appreciate Yavor sharing his thoughts and experience.
As of October 2021, we have three new faces on the OpenJS Foundation Board of Directors. They are filling positions on the Platinum level, Gold level, and Community level. We welcome their collective experience and energy!
The Board sets technical policy, including “mission and vision statements, describing the overarching scope of foundation initiatives, technical vision, and direction.”
From our bylaws:
Each Platinum member is entitled to appoint one Director to the board, and the Platinum Directors are eligible to serve as chairperson and vice-chairperson. Gold and Silver members vote among themselves to select their representatives. The board also includes community representation, with up to 3 Community Director positions nominated by the CPC and its chartered committees.
Shayne Boyer
PLATINUM DIRECTOR, MICROSOFT
Shayne is currently a Principal Program Manager, leading the Developer Experiences team focused on cloud developer experiences for VS Code, Visual Studio and Azure. He has been leading teams in developer advocacy, enterprise, open source, web and the cloud for more than 10 years.
Daniel Cousineau
GOLD DIRECTOR, GODADDY
Daniel is a Senior Engineering Manager for GoDaddy’s UX Platform team, helping to deliver JavaScript-powered tools and technologies to dozens of product teams, ensuring a cohesive design and experience for nearly 19 million customers. He is also a passionate community advocate, helping organize community conferences like EmpireJS and meet-ups like QueensJS. He believes in the value that a healthy, accessible community can bring not only to future developers and leaders, but to the ecosystem as a whole.
Alex Liu
END-USER DIRECTOR, NETFLIX
Alex is the Engineering Manager for the Node.js Platform team at Netflix responsible for curating the Node.js development experience for hundreds of engineers across the company. His team builds on the shoulders of the incredible open source communities that have found a home in the OpenJS Foundation, and advocates for the continued support and sustainability of the vibrant communities that have made today’s ecosystem possible.
We sat down with Nick O’Leary to learn more about the current status of Node-RED and how they are helping users who are not typical software developers.
This post was written by the Node.js Mentorship Initiative and was first published on the Node.js Medium account.
The Node.js Mentorship Initiative is excited to announce a new opening. We are looking to add a new mentee to our initiative. We, therefore, invite developers who are passionate about the Node.js ecosystem and are willing to learn and contribute towards its growth and development to apply to this opportunity.
The Mentorship Initiative prides itself on identifying specific needs of Working Groups and Initiatives within Node.js and posts applications for available opportunities.
Over the past year, we have helped the Examples Initiative and the N-API working group to recruit new mentees, which is in line with our objective of helping to bring more and more contributors into the Node.js ecosystem, and eventually the broader OpenJS ecosystem.
We’re looking for someone with a decent knowledge of GitHub, good technical and communication skills, as the responsibilities of a mentee will include routine repo maintenance, communication with other initiatives to gather feedback, and the design of technical challenges to be completed by applicants.
This is a great opportunity to make a meaningful impact on Node.js while learning from industry leaders and world-class software engineers. Please apply here by May 13th, 2021. We look forward to receiving your application.
We are thrilled with how OpenJS World 2021 is coming together! The global event is happening virtually on June 9, 2021 and the call for speaking sessions is OPEN! You can submit your OpenJS World talk here: https://cfp.openjsworld.com/
Quality content is a keystone priority for the OpenJS World program committee and we want to help people get a leg up in submitting thoughtful and relevant content.
While it’s never our intention to provide strict directives on how to prepare your speaking submission, we do have some general guidelines to help you prepare the best submission possible.
As you get started, here are three things that you should consider before submitting your proposal:
What are you hoping to get from your presentation?
What do you expect the audience to gain from your presentation?
How will your presentation help better the ecosystem?
There are plenty of ways to give a presentation about projects and technologies without focusing on company-specific efforts. Remember the things to consider that we mentioned above when writing your proposal and think of ways to make it interesting for attendees while still letting you share your experiences, educate the community about an issue, or generate interest in a project.
First Time Submitting? Welcome!
OpenJS World is a way to get to know the community and share your ideas and the work that you are doing, and we strongly encourage first-time speakers to submit talks. If you aren’t sure about your abstract, please check out the #cfp-mentorship channel in the OpenJS Foundation Slack.
In addition to the Slack channel, we are hosting an OpenJS AMA all about submitting great talks to OpenJS World. You can submit your questions here: https://forms.gle/fAjVWYEiNveo6BqS7