The purpose of this Alpha engagement is to provide security resources to the Node.js project in key areas, including:
- Improving vulnerability management (including making fixes)
- Improving dependency management
- Preparing security releases
- Implementing security features
- Collaboration (OpenSSF, Node Security Working Group, community)
Additional details are in security-support-role.md.
This engagement started in March 2024 and is expected to continue through at least March 2025.
A report and blog post will be published every two months, covering the work done during that period.
- Robin Ginn - OpenJS
- Rafael Gonzaga (@rafaelgss) - NodeSource / Node.js TSC
- Michael Dawson (@mhdawson) - Node.js TSC
- https://openssf.org/blog/2022/04/18/openssf-selects-node-js-as-initial-project-to-improve-supply-chain-security/
- https://openjsf.org/blog/2022/04/18/open-source-security-foundation-openssf-selects-node-js-as-initial-project-to-improve-supply-chain-security/
- https://www.nearform.com/blog/contributing-openssf-alpha-omega-project/