node.js

Alpha Engagemnt: Node.js

The purpose of this Alpha engagement is to provide security resources to the Node.js project in key areas, including:

• Improving vulnerability management (including making fixes)
• Improving dependency management
• Preparing security releases
• Implementing security features
• Collaboration (OpenSSF, Node Security Working Group, community)

Additional details are in security-support-role.md.

Timeline

This engagement started in May 2022 and is expected to continue through at least February 2023.

Monthly Updates

• May 2022
• June 2022
• July 2022
• August 2022
• September 2022
• October 2022
• November 2022
• December 2022

Primary Contacts

• Robin Ginn - OpenJS
• Rafael Gonzaga (@rafaelgss) - Nearform
• Michael Dawson (@mhdawson) - Node.js TSC

Announcement / News

• https://openssf.org/blog/2022/04/18/openssf-selects-node-js-as-initial-project-to-improve-supply-chain-security/
• https://openjsf.org/blog/2022/04/18/open-source-security-foundation-openssf-selects-node-js-as-initial-project-to-improve-supply-chain-security/
• https://www.nearform.com/blog/contributing-openssf-alpha-omega-project/