Security Collaboration Space

JavaScript touches nearly every part of the web today, and maintainers at OpenJS Foundation-hosted projects are working tirelessly to keep critical infrastructure secure. The Cross Project Council seeks to leverage its better together approach by sharing best practices, guidance, and support among OpenJS and other JS projects in the ecosystem.

Together, we hope to reduce the risk and take ambitious security goals for all our OpenJS projects. We will further define, document, communicate, and measure in an open and transparent way.

Desired outcomes include:

• Strengthen the security and sustainability of the OpenJS projects to improve the software supply chain.
• Increased security contributions (time, people and resources) from public and private organizations, and security communities.
• Increased collaboration between security communities and JavaScript project maintainers.

This Repository

The purpose of this repository is to provide a central place for coordination and documentation around security best practices and resources for the JavaScript community and beyond.

Interested parties can also join our #security channel on Slack.

Collaboration Space Members

• Ben Sternthal (@bensternthal)
• Chris de Almeida (@ctcpip)
• Darcy Clarke (@darcyclarke)
• Joe Sepi (@joesepi)
• Jordan Harband (@ljharb)
• Matt Rutkowski (@mrutkows)
• Matteo Collina (@mcollina)
• Michael Dawson (@mhdawson)
• Robin Ginn (@rginn)
• Ulises Gascón (@UlisesGascon)

In-Flight Intiatives

• TBD

Links & Resources

• Strengthening security for OpenJS Foundation projects - Google Docs
• Security Collab Space application
• Security at OpenJS - Google Slides
• Security at OpenJS Github issue
• OpenSSF Project Alpha selects Node.js as initial project