Security at the OpenJS Foundation

The OpenJS Foundation supports its projects by improving their security through guidance, engineering support, and structured programs.

At the OpenJS Foundation, security is a shared responsibility and a top priority. Our maintainers work at the frontlines of the JavaScript ecosystem, and we want to help ensure they have the tools, guidance, and support they need to protect users at every level. Through collaboration with our partners, we're raising the bar for open source security.

Robin Bender Ginn
Executive Director, OpenJS Foundation

Overview

JavaScript is foundational to the web, and OpenJS Foundation project maintainers are committed to securing this critical infrastructure. By collaborating with the broader ecosystem, the Foundation aims to share best practices, set baseline security standards, and secure resources to advance ambitious, transparent security goals across all OpenJS projects.

Check out the resources below to see how you can improve your project's security practices and get involved with our community.

Strengthen Your JavaScript Project

Take advantage of expert resources and hands-on support to improve your project's security posture: insights and tools for making smart, efficient security improvements, tailored guidance through our Security Compliance Program, and CVD resources for responding effectively to security issues.

JavaScript Resources & Tools

  • Security Compliance Guide

    A checklist of essential security practices for OpenJS projects.

  • OpenPathFinder

    A dashboard and automation tool for monitoring security compliance.

  • JavaScript SBOM & Attestation Recommendations

    Evaluates tools and provides guidance on Software Bill of Materials and attestations.

  • Secure Release Guide

    A quick reference for safely publishing to npm and managing CVEs.

  • CVD Program Guide & Templates

    Resources for open source maintainers responding to vulnerability disclosures.

  • CNA Guide for Maintainers

    A guide for OpenJS project maintainers to understand and engage with the OpenJS CNA.

  • is-my-node-vulnerable

    Ensure the security of your Node.js installation by checking for known vulnerabilities.

  • Healthy Web Checkup

    Check whether you are running the latest version of jQuery, one of the most widely used web libraries.
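Added example (not from the OpenJS page, and not the is-my-node-vulnerable tool's own code): the kind of check such a tool performs, reduced to a self-contained JavaScript script. The vulnerability index, the CVE identifiers and the set of end-of-life release lines are constructed for illustration; the index shape is only loosely modelled on the nodejs/security-wg core index, and the range grammar is a small subset of semver. The names assessNodeVersion, isSafe, SAMPLE_INDEX and SAMPLE_EOL_MAJORS are my own.

```javascript
// Added example, not part of the OpenJS page or the is-my-node-vulnerable tool's
// own source: decide whether a Node.js version is affected by known vulnerabilities.
//
// Assumptions (not taken from the page):
//  - The index shape (id -> { cve, severity, vulnerable, patched }) is modelled
//    loosely on the nodejs/security-wg core index; the entries below are
//    CONSTRUCTED placeholders, not real advisories.
//  - A release line that has reached end-of-life (EOL) receives no fixes, so any
//    version on it is reported as unsafe even if no index entry names it.

const SAMPLE_INDEX = {
  '1': { cve: 'CVE-0000-0001', severity: 'high',
         vulnerable: '>=20.0.0 <20.11.1', patched: '>=20.11.1' },
  '2': { cve: 'CVE-0000-0002', severity: 'medium',
         vulnerable: '>=18.0.0 <18.19.1 || >=20.0.0 <20.11.1',
         patched: '>=18.19.1 <19.0.0 || >=20.11.1' },
};

// Constructed set of major release lines treated as end-of-life.
const SAMPLE_EOL_MAJORS = new Set([14, 16, 17, 19]);

// "v20.11.1" or "20.11.1" -> [20, 11, 1]; pre-release/build suffixes are ignored.
function parseVersion(v) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)/.exec(String(v).trim());
  if (!m) throw new Error(`unparseable version: ${v}`);
  return [Number(m[1]), Number(m[2]), Number(m[3])];
}

// Numeric, component-wise comparison: -1, 0 or 1.
function compareVersions(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  }
  return 0;
}

// One comparator: ">=1.2.3", "<1.2.3", "<=1.2.3", ">1.2.3", or a bare/"=" exact version.
function satisfiesComparator(version, comparator) {
  const m = /^(>=|<=|>|<|=)?v?(\d+\.\d+\.\d+)$/.exec(comparator.trim());
  if (!m) throw new Error(`unsupported comparator: ${comparator}`);
  const cmp = compareVersions(version, parseVersion(m[2]));
  switch (m[1] || '=') {
    case '>=': return cmp >= 0;
    case '<=': return cmp <= 0;
    case '>':  return cmp > 0;
    case '<':  return cmp < 0;
    default:   return cmp === 0;
  }
}

// Range grammar (a subset of semver ranges): whitespace-separated comparators
// are ANDed, and "||" separates alternatives that are ORed.
function satisfiesRange(version, range) {
  return range.split('||').some((alt) =>
    alt.trim().split(/\s+/).filter(Boolean)
      .every((c) => satisfiesComparator(version, c)));
}

// Returns { version, eol, vulnerabilities: [{ id, cve, severity }] }.
// An entry counts only when the version is inside `vulnerable` AND outside
// `patched`, so a fix backported to an older release line is honoured.
function assessNodeVersion(versionString, index = SAMPLE_INDEX,
                           eolMajors = SAMPLE_EOL_MAJORS) {
  const version = parseVersion(versionString);
  const vulnerabilities = Object.entries(index)
    .filter(([, e]) => satisfiesRange(version, e.vulnerable) &&
                       !satisfiesRange(version, e.patched))
    .map(([id, e]) => ({ id, cve: e.cve, severity: e.severity }));
  return { version: version.join('.'), eol: eolMajors.has(version[0]), vulnerabilities };
}

// Safe only when the line is still supported and no index entry matches.
function isSafe(report) {
  return !report.eol && report.vulnerabilities.length === 0;
}

// Check the interpreter running this script against the constructed data.
if (typeof process !== 'undefined' && process.version) {
  const report = assessNodeVersion(process.version);
  console.log(JSON.stringify(report, null, 2));
  console.log(isSafe(report) ? 'no known issues in sample index' : 'UNSAFE');
}
```

Run it with node: it reports on the interpreter executing it (process.version) against the constructed index, so a real deployment would replace SAMPLE_INDEX and SAMPLE_EOL_MAJORS with data fetched from the upstream feeds. The two checks are deliberately independent: a version on an end-of-life line is flagged even when no index entry matches it, because no fix will ever ship for it.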

Get Commercial Support for Outdated Versions

The Ecosystem Sustainability Program (ESP) pairs projects with commercial partners that support outdated software versions, while maintainers remain free to continue providing public support for any version, including those covered by an ESP partner, without restrictions.

Join the Security Collaboration Space

Our weekly Security Collaboration Space is the working group where we discuss ongoing initiatives and share updates on our work. We welcome external perspectives and invite all interested participants to join the conversation.

Thank you to our supporters