OpenJS Foundation
TrainingTrainingBlogBlog
Become a member

Footer

OpenJS Foundation

About

  • Overview
  • Members
  • Leadership
  • Governance
  • Projects
  • Contact Us
  • Join

Community

  • Collaboration
  • JavaScriptLandia
  • Open Visualization
  • OpenJS World 2021
  • OpenJS World 2022
  • OpenJS World 2023

Legal

  • Privacy
  • Terms
  • CLA
  • Export
  • Code of Conduct

Explore

  • Training
  • Blog

Connect with us!

Stay up to date with the latest news and updates from the OpenJS.

TwitterGitHubYouTube

Copyright © OpenJS Foundation. All rights reserved. The OpenJS Foundation has registered trademarks and uses trademarks. For a list of trademarks of the OpenJS Foundation, please see our Trademark Policy and Trademark List. Trademarks and logos not indicated on the list of OpenJS Foundation trademarks are trademarks™ or registered® trademarks of their respective holders. Use of them does not imply any affiliation with or endorsement by them.

OpenJS Foundation | Member Support | Terms of Use | Privacy Policy | Security | Bylaws | Code of Conduct | Trademark Policy | Trademark List | Cookie Policy

Security at the OpenJS Foundation

The OpenJS Foundation supports its projects by improving their security through guidance, engineering support, and structured programs.

Strengthen Your JavaScript Project

Take advantage of expert resources and hands-on support to improve your project’s security posture through insights and tools to make smart, efficient security improvements, tailored guidance through our Security Compliance Program and use our CVD resources to respond effectively to security issues.

JavaScript Resources & Tools

  • Security Compliance Guide

    A checklist of essential security practices for OpenJS projects.

    Learn more
  • OpenPathFinder

    A dashboard and automation tool for monitoring security compliance.

    Learn more
    Contribute
  • JavaScript SBOM & Attestation Recommendations

    Evaluates tools and provides guidance on Software Bill of Materials and attestations.

    Learn more
  • Secure Release Guide

    A quick reference for safely publishing to npm and managing CVEs.

    Learn more
  • CVD Program Guide & Templates

    Resources for open source maintainers responding to vulnerability disclosures.

    Learn more
  • CNA Guide for Maintainers

    A guide for OpenJS project maintainers to understand and engage with the OpenJS CNA.

    Learn more
  • is-my-node-vulnerable

    Ensure the security of your Node.js installation by checking for known vulnerabilities.

    Learn more
  • Healthy Web Checkup

    Check for the latest version of popular web technology jQuery.

    Learn more

Get Commercial Support for Outdated Versions

The Ecosystem Sustainability Program (ESP) helps project maintainers continue providing public support for any software version, including those covered by an ESP partner, without restrictions.

TransistorTransistorTransistorTransistorTransistorTransistor

Thank you to our supporters

TransistorTransistor

Join the Security Collaboration Space

Join our weekly Security Collaboration Space, our working group to discuss ongoing initiatives and share updates on our work. We welcome external perspectives and invite all interested participants to contribute to the conversation.

Add to Calendar

“At the OpenJS Foundation, security is a shared responsibility and a top priority. Our maintainers work at the frontlines of the JavaScript ecosystem, and we want to help ensure they have the tools, guidance, and support they need to protect users at every level. Through collaboration with our partners, we're raising the bar for open source security.”

Robin Bender Ginn
Executive Director, OpenJS Foundation

Overview

JavaScript is foundational to the web, and OpenJS Foundation project maintainers are committed to securing this critical infrastructure. By collaborating with the broader ecosystem, the Foundation aims to share best practices, set baseline security standards, and secure resources to advance ambitious, transparent security goals across all OpenJS projects.

Check out the below resources to see how you can improve your security best practices, and get involved with our community.