/security-wg

Node.js Ecosystem Security Working Group

Ecosystem Security Working Group

The Ecosystem Security Working Group works to improve the security of the Node.js Ecosystem.

Responsibilities include:

  • Work with the Node Security Platform to bring community vulnerability data into the foundation as a shared asset.
  • Ensure the vulnerability data is updated in an efficient and timely manner, for example by ensuring there are well-documented processes for reporting vulnerabilities in community modules.
  • Maintain and make available data on disclosed security vulnerabilities in:
    • the core Node.js project
    • other projects maintained by the Node.js Foundation technical group
    • the external Node.js open source ecosystem
  • Promote the improvement of security practices within the Node.js ecosystem.
  • Facilitate and promote the expansion of a healthy security service and product provider ecosystem.

This Working Group is not responsible for managing or responding to security reports against Node.js itself. That responsibility remains with the Node.js TSC.

Node.js Bug Bounty Program

The program is managed through the HackerOne platform; further details are available at https://hackerone.com/nodejs.

Current Initiatives

We are currently defining the initiatives for 2023; feel free to participate.

| Initiative | Champion | Status | Links |
|---|---|---|---|
| Permission Model | @RafaelGSS | In Progress | PR #44004 |
| Automate update dependencies | @facutuesca | In Progress | Issue #828 |
| Assessment against best practices | @fraxken | Evaluation | Issue #859 |
| Automate Security release process | @RafaelGSS | Evaluation | Issue #860 |

Current Project Team Members

Emeritus Members

Code of Conduct

The Node.js Code of Conduct applies to this WG.

Moderation Policy

The Node.js Moderation Policy applies to this WG.