Security at the OpenJS Foundation

The OpenJS Foundation supports its projects by improving their security through guidance, engineering support, and structured programs.

Strengthen Your JavaScript Project

Take advantage of expert resources and hands-on support to improve your project’s security posture: insights and tools for making smart, efficient security improvements, tailored guidance through our Security Compliance Program, and CVD resources for responding effectively to security issues.

JavaScript Resources & Tools

  • Security Compliance Guide

    A checklist of essential security practices for OpenJS projects.

  • OpenPathFinder

    A dashboard and automation tool for monitoring security compliance.

  • JavaScript SBOM & Attestation Recommendations

    Evaluates tools and provides guidance on Software Bill of Materials and attestations.

  • Secure Release Guide

    A quick reference for safely publishing to npm and managing CVEs.

  • CVD Program Guide & Templates

    Resources for open source maintainers responding to vulnerability disclosures.

  • CNA Guide for Maintainers

    A guide for OpenJS project maintainers to understand and engage with the OpenJS CNA.

  • is-my-node-vulnerable

    Ensure the security of your Node.js installation by checking for known vulnerabilities.

  • Healthy Web Checkup

    Check for the latest version of jQuery, a popular web technology.

Get Commercial Support for Outdated Versions

The Ecosystem Sustainability Program (ESP) helps project maintainers continue providing public support for any software version, including those covered by an ESP partner, without restrictions.


Join the Security Collaboration Space

Join our weekly Security Collaboration Space, our working group for discussing ongoing initiatives and sharing updates on our work. We welcome external perspectives and invite all interested participants to contribute to the conversation.

Thank you to our supporters
